Active directory integration

Owned by Shaikh Hafiz Ahamed
Last updated: 19.10.2023 by Ashrafuzzaman Purno
3 min read

A. Active directory user import setup

  1. Create a User federation by going to User federation from the left menu and clicking the Add Ldap providers button

3. After adding the provider open the provider and Sync, remove and unlink users by selection options from the top-right Action menu

Findings:

a. Couldn’t find any way of setting up AD groups with Asta access

b. By default, it gets default-roles-archive-manager, offline_access, uma_authorization

c. It’s possible to connect with multiple AD instances by creating multiple user federations.

B. Azure active directory single sign-on setup

  1. Create a client secret by clicking “New client secret” and persist the secret value for later use

     

  2. Select Identity providers from the left menu. Then click the OpenId Connect v1.0 button

     

  3. Copy redirect Uri and paste it in step 4.

4. Paste redirect uri from step 3 following the below image

5. Add application directory client-id from Azure to Keycloak to import Azure settings, then click Import

https://login.microsoftonline.com/{directoryID}/v2.0/.well-known/openid-configuration

6. Add application client-id in Client ID, add client-secret in Client Secret and select client secret sent as basic auth in "Client Authentication"

7. Now you can get an option to Login with Azure active directory user.

Providing Access to Organization and Projects

By default, the users will not get access to any organizations and/or projects. In order to provide them access to certain organizations and/or projects in the Keycloak admin console go to Realm settings > User registration > Default groups

Here you can select the groups that you want the users to be members of.

For example, to provide the users' ARCHIVIST access to the project isadg, choose the group am|project|isadg|ARCHIVIST from available groups.