Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

A. Active directory user import setup

  1. Create an user federation by selecting “LDAP” from the dropdown at the top right corner

2. Fill the following fields

3. Sync, remove and unlink users by cliking following buttons.

Findings:

a. Couldn’t found any way of setting up AD groups with Asta access

b. By default it gets default-roles-archive-manager, offline_access, uma_authorization

c. It’s possible to connect with multiple AD instances by creating multiple user federation.

B. Azure active directory single sign-on setup

  1. Create a client secret by clicking “New client secret” and persist secret value for later use

  2. Select identity providers from left menu. Then select OpenId Connect v1.0 from top right corner drop-down list

  3. Cope redirect Uri and paste it following the step 4.

4. Paste redirect uri from step 3 following below image

5. Add application directory client id from azure to keycloak to import azure settings then click import

6. Add application client id in “Client ID”, add client secret in “Client secret” and select client secret sent as basic auth in “Client Authentication”

7. Now you can get an option to login by azure active directory user.

Providing Access to Organization and Projects

By default, the users will not get access to any organizations and/or projects. In order to provide them access to certain organizations and/or projects log in to Keycloak admin console then go to Groups > Default Groups

Here you can select the groups that you want the users to be members of.

For example to provide the users' ARCHIVIST access to project a5, choose the group am|project|a5|ARCHIVIST from available groups.

  • No labels