Documentation
Demos
Support
Blog
Start Free Trial
Search results

Keycloak support for SSO authentication

Keycloak is an open-source identity and access management solution designed for modern applications and services.

This section explains how to perform Single Sign-On for users in Keycloak with the Bold BI application using OpenID Connect.

NOTE: This feature is available in Bold BI Embedded Analytics, but not in Cloud Analytics Server.

How to register the Bold BI application in Keycloak

NOTE: This configuration needs to be done on the Keycloak website.

Prerequisites

  • An admin account in Keycloak.
  • Install the Bold BI application.

Steps to register the Bold BI application

  1. Login to the Keycloak website using an admin account.

    Keycloak Admin console

  2. Please navigate to the Security admin console, then go to the Clients page and select the Create option.

    Keycloak Client Option

  3. On the Add Client page, enter the client ID and select the Client protocol as openid-connect, then click Save.

    Keycloak Application Page

  4. Once the client has been created, please configure the following in the settings section and save the changes.

    Keycloak Settings Option

    Keycloak Settings

Access Type Set access type to confidential.
Implicit Flow Enabled On
Valid redirect URIs URL Format: https://{domain}/signin-oidc

Example: https://example.com/signin-oidc

Note: The Redirect URI is found under the OpenID Connect settings of your Bold BI application, as in the following screenshot.

After successfully registering with Keycloak, save these settings on the Bold BI settings page to enable this authentication.

Enable Keycloak authentication support in Bold BI

Configure the settings in Bold BI as shown in the following screenshot to enable authentication using Keycloak.

Keycloak Bi Settings

The fields that need to be saved in Bold BI in order to enable Keycloak for authentication are explained as follows.

Enable Open ID Connect Enabled
Provider Name It represents the name of the authentication provider to be displayed on the login page.
Provider Logo It represents the logo of the authentication provider to be displayed on the login page.
Authority It must be the URL of your Keycloak instance.

URL format: https://{host}/auth/realms/{realm}

Note:The Authority URL only accepts HTTPS, and Keycloak should be configured in HTTPS.
Client ID The Client ID is the one you get after registering the Bold BI application on the Keycloak website.

Note: Client ID is available in the Clients page on the Keycloak website.
Client Secret The Client Secret is the one you get after registering the Bold BI application on the Keycloak website.

Note: Client Secret is available in the Credentials section of the Client details page.
Identifier The Bold BI application requires an email address to login to the application.

So, please set the identifier as email.

Note: All accounts in Keycloak should have a valid email address.
Logout Endpoint It is the endpoint in the Keycloak website that signs the user out.

Login with Keycloak

  1. Please navigate to the login page and choose the Keycloak option to log in.

    Keycloak Bi Login Option

  2. Fill in the username and password on the Keycloak login screen and then proceed to sign in.

    Keycloak Bi Login

Previous
Next