Search results

Keycloak support for SSO authentication

Keycloak is an open-source identity and Access Management solution designed for modern applications and services.

This section explains how to perform Single Sign-On for users in Keycloak with the Bold BI application using Open ID Connect.

How to register the Bold BI application in Keycloak

NOTE: This configuration has to be done on the Keycloak website.

Prerequisites

  • An admin account in Keycloak.
  • Install the Bold BI application.

Steps to register the Bold BI application

  1. Log in to the Keycloak website with an admin account.

    Keycloak Admin console

  2. Navigate to the Security admin console, then to the Clients page and, select the Create option.

    Keycloak Client Option

  3. On the Add Client page, enter the client id and select the Client protocol as openid-connect, then click Save.

    Keycloak Application Page

  4. Once the client has been created, please configure the following in the settings section and save the changes.

    Keycloak Settings Option

    Keycloak Settings

Access Type Set access type to confidential.
Implicit Flow Enabled On
Valid redirect URIs URL Format: https://{domain}/signin-oidc

Example: https://example.com/signin-oidc

Note: The Redirect URI is found under the OpenID Connect settings of your Bold BI application, as in the following screenshot.

After successful registration with Keycloak, save these settings in the Bold BI settings page to enable this authentication.

Enable Keycloak authentication support in Bold BI

Configure the settings in Bold BI as shown in the following screenshot to enable the authentication using Keycloak.

Keycloak Bi Settings

The fields to be saved in the Bold BI to enable the Keycloak for authentication are explained as follows.

Enable Open ID Connect Enabled
Provider Name It represents the name of the authentication provider to be displayed on the login page.
Provider Logo It represents the logo of the authentication provider to be displayed on the login page.
Authority It must be the URL of your Keycloak instance.

URL format: https://{host}/auth/realms/{realm}

Note:The Authority URL only accepts HTTPS, and Keycloak should be configured in HTTPS.
Client ID The Client ID is the one you get after registering the Bold BI application on the Keycloak website.

Note: Client ID is available in the Clients page on the Keycloak website.
Client Secret The Client Secret is the one you get after registering the Bold BI application on the Keycloak website.

Note: Client Secret is available in the Credentials section of the Client details page.
Identifier The Bold BI application requires an email address to login to the application.

So, please set the identifier as email.

Note: All accounts in Keycloak should have a valid email address.
Logout Endpoint It is the endpoint in the Keycloak website that signs the user out.

Login with Keycloak

  1. Go to the login page and select the Keycloak option to log in.

    Keycloak Bi Login Option

  2. Fill in the username and password in the Keycloak login screen and sign in.

    Keycloak Bi Login