SSO with Keycloak
You already use your SSO to conveniently manage permissions to applications; now you can also use it to manage permissions to your datasources following these simple steps.
- Add a client: In your Keycloak console, click Clients, then Create.
- Enter basic information: Put a name like sdm or strongdm in Client ID (this will be needed later on), choose openid-connect as Client Protocol, and for Root URL fill in https://app.strongdm.com. Click Save.
- Enter details: In the next window, ensure Client Protocol is openid-connect, set Access Type to confidential, and fill in the following URLs under Valid Redirect URIs: https://app.strongdm.com/auth/return and https://app.strongdm.com/auth/return. Other fields are optional and can be set as you prefer. Click Save.
- Record the Client Secret: Click the Credentials tab and copy the string in the Secret field. You will need this in the next step.
- Enter the account details in strongDM: In the strongDM app, go to "Settings" -> Authentication, choose OpenID Connect from the drop-down menu, and add your URL (add /auth/realms/<realmname> to your Keycloak base URL), Client ID, and Client Secret. Click Activate.
- Verify users in Keycloak: Ensure that all users in strongDM exist in Keycloak.
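To check the Keycloak side of these steps, the following added example (not strongDM or Keycloak code) audits a client exported as JSON from Keycloak against the settings above and builds the URL to enter in strongDM. The sample exports, the keycloak.example.com host and the realm name are constructed, and the field names assume Keycloak's standard client export format.

```python
import json
from urllib.parse import urlsplit

EXPECTED_REDIRECT = "https://app.strongdm.com/auth/return"  # from the steps above


def issuer_url(base_url, realm):
    """Build the URL entered in strongDM: Keycloak base URL + /auth/realms/<realmname>."""
    return f"{base_url.rstrip('/')}/auth/realms/{realm}"


def audit_client(client):
    """Return a list of findings for an exported Keycloak client representation."""
    findings = []
    if client.get("protocol") != "openid-connect":
        findings.append("protocol is not openid-connect")
    # Access Type "confidential" exports as publicClient=false and bearerOnly=false.
    if client.get("publicClient", False) or client.get("bearerOnly", False):
        findings.append("access type is not confidential")
    uris = client.get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append("strongDM redirect URI is missing")
    for uri in uris:
        if "*" in uri:
            # Wildcards let the authorization response go to paths you did not intend.
            findings.append(f"wildcard redirect URI: {uri}")
        elif urlsplit(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif uri != EXPECTED_REDIRECT:
            findings.append(f"unexpected redirect URI: {uri}")
    return findings


# Constructed sample exports (not real data).
GOOD = json.loads("""{"clientId": "sdm", "protocol": "openid-connect",
  "publicClient": false, "bearerOnly": false,
  "rootUrl": "https://app.strongdm.com",
  "redirectUris": ["https://app.strongdm.com/auth/return"]}""")
LOOSE = dict(GOOD, publicClient=True,
             redirectUris=["https://app.strongdm.com/*",
                           "http://app.strongdm.com/auth/return"])

if __name__ == "__main__":
    print(issuer_url("https://keycloak.example.com/", "myrealm"))
    for name, client in (("GOOD", GOOD), ("LOOSE", LOOSE)):
        print(name, audit_client(client) or "ok")
```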
If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.