Enterprise SSO
Orinel supports single sign-on (SSO) with Google Workspace and Microsoft Azure AD (Entra ID) for MNC and enterprise customers. Configure providers in Supabase and enable them in the app.
Google Workspace
- In Supabase Dashboard: Authentication → Providers → Google. Enable and add Client ID and Client Secret from Google Cloud Console.
- Google Cloud: Create OAuth 2.0 credentials (Web application). Add authorized redirect URI: https://<your-project>.supabase.co/auth/v1/callback (and your app origin for PKCE if used).
- Scopes: openid, email, profile.
- In the app set NEXT_PUBLIC_ENABLE_GOOGLE_SSO=true. The login page will show "Sign in with Google (Workspace)".
Azure AD (Microsoft Entra ID)
- In Supabase Dashboard: Authentication → Providers → Azure. Enable and add Application (client) ID and Client secret from Azure portal.
- Azure Portal: App registration → Authentication → Add platform → Web. Redirect URI: https://<your-project>.supabase.co/auth/v1/callback. For local dev add http://localhost:<port>/auth/callback (match NEXTAUTH_URL; prefer localhost over 127.0.0.1 unless you use loopback).
- In the app set NEXT_PUBLIC_ENABLE_AZURE_SSO=true. The login page will show "Sign in with Microsoft (Azure AD)".
Callback URL
The OAuth redirect must use the server callback so that enterprise (Microsoft-only) rules are enforced. Add https://<your-app>/api/auth/callback to Supabase Authentication → URL Configuration → Redirect URLs. The login page uses this URL when starting Google or Azure sign-in. The Site URL and the redirect list must both include your app origin. For production, set NEXT_PUBLIC_APP_URL (or NEXT_PUBLIC_SITE_URL) to your app origin.
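A pre-deploy check for the callback settings above, as an added example that is not part of Orinel's code. The function name checkSsoConfig, the redirectAllowList argument (a copy of the Supabase Redirect URLs list that you supply) and the example.com values are assumptions made for illustration.

```javascript
// Added example, not Orinel code. redirectAllowList is an operator-supplied copy
// of the Supabase "Redirect URLs" list; nothing here calls Supabase.
const CALLBACK_PATH = "/api/auth/callback";
const SSO_FLAGS = ["NEXT_PUBLIC_ENABLE_GOOGLE_SSO", "NEXT_PUBLIC_ENABLE_AZURE_SSO"];

function checkSsoConfig(env, redirectAllowList, { production = true } = {}) {
  const problems = [];
  const raw = env.NEXT_PUBLIC_APP_URL || env.NEXT_PUBLIC_SITE_URL;
  if (!raw) return ["NEXT_PUBLIC_APP_URL (or NEXT_PUBLIC_SITE_URL) is not set"];

  let app;
  try {
    app = new URL(raw);
  } catch {
    return [`app URL is not an absolute URL: ${raw}`];
  }
  if (app.pathname !== "/" || app.search || app.hash) {
    problems.push("app URL must be a bare origin (no path, query or fragment)");
  }
  const loopback = ["localhost", "127.0.0.1"].includes(app.hostname);
  if (production && (app.protocol !== "https:" || loopback)) {
    problems.push("production app URL must be a non-loopback https origin");
  }

  // Exact match only: a wildcard or a bare-origin entry does not prove that
  // the server callback itself is registered.
  const expected = app.origin + CALLBACK_PATH;
  if (!redirectAllowList.map((u) => u.trim()).includes(expected)) {
    problems.push(`redirect list is missing ${expected}`);
  }

  // Assumption: the app treats a flag as enabled only when it is the string "true".
  if (!SSO_FLAGS.some((flag) => env[flag] === "true")) {
    problems.push("no SSO provider flag is set to true");
  }
  return problems;
}

// Constructed sample values (example.com is a placeholder domain).
const sampleEnv = {
  NEXT_PUBLIC_APP_URL: "https://app.example.com",
  NEXT_PUBLIC_ENABLE_AZURE_SSO: "true",
};
const sampleList = ["https://app.example.com/api/auth/callback"];
console.log(checkSsoConfig(sampleEnv, sampleList)); // []
```

Because localhost and 127.0.0.1 are different origins, a redirect list that registers one while the app URL uses the other is reported as missing the callback.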
Related
- Security — Access control and auth
- Permissions — Role matrix