Close
logodocs

SSO with Keycloak

You already use your SSO to conveniently manage permissions to applications; now you can also use it to manage permissions to your datasources following these simple steps.

  1. Add a client: In your Keycloak console, click Clients then Create.
  2. Enter basic information: Put a name like sdm or strongdm in Client ID (this will be needed later on), choose openid-connect as Client Protocol, and for Root URL fill in https://app.strongdm.com. Click Save.
    Configure credentials
    Configure credentials
  3. Enter Details: In the next window, ensure Client Protocol is openid-connect, set Access Type to confidential, and fill in the following URLS under Valid Redirect URIs: https://app.strongdm.com/auth/return and https://app.strongdm.com/auth/return. Other fields are optional and can be set as you prefer. Click Save.
    Enter details
    Enter details
  4. Record the Client Secret: Click the Credentials tab and copy the string in the Secret field. You will need this in the next step.
    Record client secret
    Record client secret
  5. Enter the account details in strongDM: In the strongDM app, go to "Settings" -> Authentication, choose OpenID Connect from the drop down menu and add your URL (Add /auth/realms/<realmname> to your Keycloak base URL), Client ID, and Client Secret as shown. Click Activate.
    Configure Keycloak in strongDM
    Configure Keycloak in strongDM
  6. Verify users in Keycloak: Ensure that all users in strongDM exist in Keycloak.

If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.

Installation — Previous
SSO with Google
Next — Installation
SSO with Okta