Keycloak

You already use your SSO to conveniently manage permissions to applications; now you can also use it to manage permissions to your datasources by following these simple steps.

  1. Add a client: In your Keycloak console, click Clients then Create.

  2. Enter basic information: Enter a name such as sdm or strongdm in Client ID (you will need this later), choose openid-connect as Client Protocol, and set Root URL to https://app.strongdm.com. Click Save.

  3. Enter Details: In the next window, ensure Client Protocol is openid-connect, set Access Type to confidential, and enter the following URLs under Valid Redirect URIs: https://app.strongdm.com/auth/return and https://app.strongdm.com/auth/return/. Other fields are optional and can be set as you prefer. Click Save.

  4. Record the Client Secret: Click the Credentials tab and copy the string in the Secret field. You will need this in the next step.

  5. Enter the account details in strongDM: In the strongDM app, go to Settings > Authentication, choose OpenID Connect from the drop-down menu, and enter your URL (append /auth/realms/<realmname> to your Keycloak base URL), Client ID, and Client Secret. Click Activate.

  6. Verify users in Keycloak: Ensure that all users in strongDM exist in Keycloak.

  7. If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.
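
To check the result of steps 2, 3 and 5 without clicking through the console, the following added example (not strongDM or Keycloak code) audits a client exported from Keycloak as JSON and builds the URL entered in strongDM. It assumes the export uses Keycloak's client representation fields (protocol, publicClient, bearerOnly, rootUrl, redirectUris); the host keycloak.example.com, the realm name and the sample clients are constructed.

```python
from urllib.parse import urlsplit

# Values taken from steps 2 and 3 above.
EXPECTED_ROOT_URL = "https://app.strongdm.com"
EXPECTED_REDIRECTS = {
    "https://app.strongdm.com/auth/return",
    "https://app.strongdm.com/auth/return/",
}


def issuer_url(keycloak_base, realm):
    """Build the URL for step 5: <base>/auth/realms/<realmname>."""
    parts = urlsplit(keycloak_base)
    # Assumption added here: the Keycloak base URL is served over HTTPS.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Keycloak base URL must be an https:// URL")
    return f"{keycloak_base.rstrip('/')}/auth/realms/{realm}"


def audit_client(client):
    """Return a list of findings for an exported Keycloak client (dict)."""
    findings = []
    if client.get("protocol") != "openid-connect":
        findings.append("Client Protocol is not openid-connect")
    # Access Type "confidential" exports as publicClient=false, bearerOnly=false.
    if client.get("publicClient", False) or client.get("bearerOnly", False):
        findings.append("Access Type is not confidential")
    if client.get("rootUrl") != EXPECTED_ROOT_URL:
        findings.append("Root URL is not " + EXPECTED_ROOT_URL)
    redirects = set(client.get("redirectUris", []))
    for uri in sorted(redirects - EXPECTED_REDIRECTS):
        kind = "wildcard" if "*" in uri else "unexpected"
        findings.append(f"{kind} redirect URI: {uri}")
    for uri in sorted(EXPECTED_REDIRECTS - redirects):
        findings.append(f"missing redirect URI: {uri}")
    return findings


# Constructed samples (not real exports); "sdm" is the Client ID from step 2.
GOOD = {"clientId": "sdm", "protocol": "openid-connect",
        "publicClient": False, "bearerOnly": False,
        "rootUrl": EXPECTED_ROOT_URL,
        "redirectUris": sorted(EXPECTED_REDIRECTS)}
BAD = dict(GOOD, publicClient=True, redirectUris=["https://app.strongdm.com/*"])

if __name__ == "__main__":
    print(issuer_url("https://keycloak.example.com/", "myrealm"))
    for sample in (GOOD, BAD):
        print(audit_client(sample))
```

For a real export, load the file with json.load and pass the resulting dict to audit_client; an empty list means the client matches the settings in the steps above.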