OAuth 2.0
Google, GitHub, Microsoft, Okta, and Keycloak.
LDAP / Active Directory
Connect to your on-premises directory for authentication and user sync.
SAML 2.0
Enterprise SSO with any SAML 2.0-compatible identity provider.
OAuth 2.0
Collabase supports the following OAuth providers out of the box:| Provider | Notes |
|---|---|
| Works for personal and Google Workspace accounts. | |
| GitHub | Requires creating an OAuth App in your GitHub organization settings. |
| Microsoft | Works with personal Microsoft accounts and Azure AD / Entra tenants. |
| Okta | Requires your Okta organization domain URL. |
| Keycloak | Requires your Keycloak realm URL. |
Setting up an OAuth provider
Create an OAuth application in your provider
Register a new OAuth app in your provider’s settings. When asked for a redirect / callback URL, enter:Examples:
- Google:
https://collabase.example.com/api/auth/callback/google - Microsoft:
https://collabase.example.com/api/auth/callback/microsoft-entra-id - GitHub:
https://collabase.example.com/api/auth/callback/github
Enter your credentials
Paste the Client ID and Client Secret. For Okta, enter your Okta domain. For Keycloak, enter the realm URL.
Set the default role
Choose the role new accounts created through this provider will receive — User or Admin.
Credentials are encrypted and cannot be viewed again after saving. To update a credential, enter the new value and save again.
LDAP / Active Directory
LDAP connects Collabase to your on-premises directory (Active Directory, OpenLDAP, FreeIPA, etc.) for authentication and optional user synchronization. Navigate to Admin → Identity Providers and open the LDAP configuration.Configuration
| Field | Description |
|---|---|
| Host | Your LDAP server address |
| Port | 389 for standard LDAP, 636 for LDAP over TLS |
| Use TLS | Recommended for production |
| Bind DN | The service account used to connect to the directory |
| Bind Password | Password for the service account |
| Base DN | The directory path to search for users |
| User Search Filter | Which objects to treat as users. Default: (objectClass=person) |
| Email Attribute | Directory attribute for the user’s email |
| Name Attribute | Directory attribute for the user’s display name |
| Default Role | Role assigned to synced users — User or Admin |
Directory sync
When sync is enabled, Collabase regularly imports users from your directory:- New users in the directory are created in Collabase.
- Existing users have their name updated on each sync.
- Users removed from the directory are disabled in Collabase — their content is not deleted.
SAML 2.0
SAML 2.0 is supported for SSO with providers such as Okta, Microsoft Entra (Azure AD), and others.What to give your identity provider
Your IT or IdP admin needs two values to register Collabase:| Value | Format |
|---|---|
| Assertion Consumer Service (ACS) URL | https://your-collabase-domain/api/auth/saml/callback |
| Entity ID | https://your-collabase-domain/api/auth/saml/metadata |
What you need from your identity provider
| Field | Where to find it |
|---|---|
| IdP SSO URL | The sign-on URL from your IdP’s SAML settings |
| IdP Certificate | The signing certificate (PEM format) |
| Entity ID | The IdP’s identifier |
Configuring SAML
Navigate to Admin → Identity Providers and open the SAML panel.
Configure your IdP to include the user’s email and display name in the SAML response.
Emergency admin access
Always keep at least one admin account that can log in with a password — in case your identity provider is unavailable. The standard login form is always accessible at/auth/login, even when SSO is the default sign-in method.