Create an user federation by selecting “LDAP” from the dropdown at the top right corner
...
2. Fill the following fields
...
...
A. Active directory user import setup
Create a
User federation
by going toUser federation
from the left menu and clicking theAdd Ldap providers
button
...
3. After adding the provider open the provider and Sync, remove and unlink users by cliking following buttons.
...
5. selection options from the top-right Action menu
...
Findings:
a. Couldn’t found find any way of setting up AD groups with Asta access
b. By default, it gets default-roles-archive-manager, offline_access, uma_authorization
c. It’s possible to connect with multiple AD instances by creating multiple user federationuser federations.
B. Azure active directory single sign-on setup
Create a client secret by clicking “New client secret” and persist the secret value for later use
Select
Identity providers
from the left menu. Then click theOpenId Connect v1.0
buttonCopy redirect Uri and paste it in step 4.
...
4. Paste redirect uri from step 3 following the below image
...
5. Add application directory client-id
from Azure to Keycloak to import Azure settings, then click Import
https://login.microsoftonline.com/{directoryID}/v2.0/.well-known/openid-configuration
...
6. Add application client-id in Client ID
, add client-secret in Client Secret
and select client secret sent as basic auth in "Client Authentication"
...
7. Now you can get an option to Login with Azure active directory user.
...
Providing Access to Organization and Projects
By default, the users will not get access to any organizations and/or projects. In order to provide them access to certain organizations and/or projects in the Keycloak admin console go to Realm settings > User registration > Default groups
...
Here you can select the groups that you want the users to be members of.
For example, to provide the users' ARCHIVIST
access to the project isadg
, choose the group am|project|isadg|ARCHIVIST
from available groups.