A. Active directory user import setup
Create
...
a
User federationby
...
going to
User federationfrom the
...
2. Fill the following fields
...
...
left menu and clicking the
Add Ldap providersbutton
...
3. After adding the provider open the provider and Sync, remove and unlink users by cliking following buttons.
...
selection options from the top-right Action menu
...
Findings:
a. Couldn’t found find any way of setting up AD groups with Asta access
b. By default, it gets default-roles-archive-manager, offline_access, uma_authorization
c. It’s possible to connect with multiple AD instances by creating multiple user federationfederations.
B. Azure active directory single sign-on setup
Create a client secret by clicking “New client secret” and persist the secret value for later use
Select
...
Identity providersfrom the left menu. Then
...
click the
OpenId Connect v1.0
...
...
button
Copy redirect Uri and paste it
...
in step 4.
...
4. Paste redirect uri from step 3 following the below image
...
5. Add application directory client-id from azure Azure to keycloak Keycloak to import azure Azure settings, then click import
...
Import
https://login.microsoftonline.com/{directoryID}/v2.0/.well-known/openid-configuration
...
6. Add application client-id in “Client ID” Client ID, add client-secret in “Client secret” Client Secret and select client secret sent as basic auth in “Client Authentication”
...
"Client Authentication"
...
7. Now you can get an option to login by azure Login with Azure active directory user.
...
Providing Access to Organization and Projects
By default, the users will not get access to any organizations and/or projects. In order to provide them access to certain organizations and/or projects in the Keycloak admin console go to Realm settings > User registration > Default groups
...
Here you can select the groups that you want the users to be members of.
For example, to provide the users' ARCHIVIST access to the project isadg, choose the group am|project|isadg|ARCHIVIST from available groups.