SSO with Keycloak

You already use your SSO to conveniently manage permissions to applications; now you can also use it to manage permissions to your datasources following these simple steps.

1. Add a client: In your Keycloak console, click Clients then Create.
2. Enter basic information: Put a name like sdm or strongdm in Client ID (this will be needed later on), choose openid-connect as Client Protocol, and for Root URL fill in https://app.strongdm.com. Click Save.

   

3. Enter Details: In the next window, ensure Client Protocol is openid-connect, set Access Type to confidential, and fill in the following URLS under Valid Redirect URIs: https://app.strongdm.com/auth/return and https://app.strongdm.com/auth/return. Other fields are optional and can be set as you prefer. Click Save.

   

4. Record the Client Secret: Click the Credentials tab and copy the string in the Secret field. You will need this in the next step.

   

5. Enter the account details in strongDM: In the strongDM app, go to "Settings" -> Authentication, choose OpenID Connect from the drop down menu and add your URL (Add /auth/realms/<realmname> to your Keycloak base URL), Client ID, and Client Secret as shown. Click Activate.

   

6. Verify users in Keycloak: Ensure that all users in strongDM exist in Keycloak.

If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.