Integrate with ToolJet
Support level: Community
What is ToolJet?
ToolJet is a low-code platform for building internal tools and business applications.
Preparation
The following placeholder is used in this guide:
authentik.companyis the FQDN of the authentik installation.
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
ToolJet's OIDC SSO is available on the Team plan. To configure instance-level SSO, you must be a ToolJet super administrator. To configure workspace-level SSO, you must be a ToolJet workspace administrator.
authentik configuration
In authentik versions earlier than 2026.5, all Redirect URIs are automatically treated as Authorization type. If you are using one of these older authentik versions, add only the Authorization URL to your Redirect URIs and do not configure a Post Logout URI.
To support the integration of ToolJet with authentik, you need to create an application/provider pair in authentik.
Create an application and provider
-
Log in to authentik as an administrator and open the authentik Admin interface.
-
Navigate to Applications > Applications and click New Application to open the application wizard.
- Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. Note the Slug value because it is required later.
- Choose a Provider type: select OAuth2/OpenID Connect as the provider type.
- Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Note the Client ID and Client Secret values because they are required later.
- Add a Redirect URI of type
StrictAuthorizationwith a temporary value ofhttps://temp.temp. - Select any available signing key.
- Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's Application Dashboard page.
-
Click Submit to save the new application and provider.
ToolJet configuration
Generate the redirect URL
- Log in to ToolJet with the required administrator role.
- Click the settings icon in the lower-left corner and open the login settings for the required scope:
- For instance-level SSO, navigate to Settings > Instance login.
- For workspace-level SSO, navigate to Workspace Settings > Workspace login.
- Enable OpenID Connect.
- In the modal, select App provider and enable the provider using the toggle in the upper-right corner.
- Click Save changes without entering the provider settings. ToolJet generates a Redirect URL.
- Open the OpenID Connect modal again and copy the Redirect URL.
Update the authentik provider
- In a separate browser tab, log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Applications > Providers and open the provider that you created for ToolJet.
- Replace the temporary Redirect URI with the Redirect URL that you copied from ToolJet. Keep the URI type set to
StrictAuthorization. - Click Update to save the provider.
Complete the OIDC configuration
Return to the OpenID Connect modal in ToolJet and configure the following settings:
- Name:
authentik - Grant type:
Authorization Code - Client ID: Client ID from authentik
- Client Secret: Client Secret from authentik
- Well known URL:
https://authentik.company/application/o/<application_slug>/.well-known/openid-configuration
Ensure that the provider is enabled and click Save changes.
Configuration verification
To confirm that authentik is properly configured with ToolJet, open ToolJet and click Sign in with authentik. You should be redirected to authentik and returned to ToolJet after authentication.