Identity Provider

The Identity Provider button opens the dialog to configure an identity provider using the Keycloak integration. This is used to import users from Active Directory or another identity provider configured in Keycloak.

The following dialog is opened:

 

  • Token URI: It is recommended to run Keycloak on the management server, so the host is 127.0.0.1 by default, using port 8080 (the Keycloak default). This URI is used to get an access token for the 'realm' (shown in bold) configured in Keycloak. It can differ depending on the Keycloak configuration:

  • Query URI: It is recommended to run Keycloak on the management server, so the host is 127.0.0.1 by default, using port 8080 (the Keycloak default). This URI is used to retrieve the users in the 'realm' (shown in bold) configured in Keycloak. It can differ depending on the Keycloak configuration:

  • Client ID: Client ID configured in Keycloak

  • Client Secret: Client Secret configured in Keycloak for the Client ID

  • IMPORTANT: all fields are case sensitive
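A pre-flight check for the Token URI and Query URI fields, as an added example that is not part of VDG Sense or its documentation. It assumes Keycloak's standard endpoint paths (with the optional legacy `/auth` prefix), which this page does not show; the realm name `vdg` and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: Keycloak's standard token and admin user-list paths.
# Older Keycloak releases prefix both with /auth.
TOKEN_RE = re.compile(r"^(/auth)?/realms/([^/]+)/protocol/openid-connect/token$")
QUERY_RE = re.compile(r"^(/auth)?/admin/realms/([^/]+)/users$")


def is_loopback(host):
    """True for localhost or a loopback IP literal such as 127.0.0.1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_idp_settings(token_uri, query_uri):
    """Return a list of problems found in the two URIs (empty list = OK)."""
    problems = []
    realms = {}
    for name, uri, pattern in (("Token URI", token_uri, TOKEN_RE),
                               ("Query URI", query_uri, QUERY_RE)):
        parts = urlsplit(uri.strip())
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"{name}: not an http(s) URI")
        elif parts.scheme == "http" and not is_loopback(parts.hostname):
            # The client secret and access token cross this connection.
            problems.append(f"{name}: plain http to non-loopback host {parts.hostname}")
        match = pattern.match(parts.path)
        if match is None:
            problems.append(f"{name}: unexpected path {parts.path!r}")
        else:
            realms[name] = match.group(2)
    if len(realms) == 2 and realms["Token URI"] != realms["Query URI"]:
        # Compared exactly: the fields are case sensitive.
        problems.append("realm differs between Token URI and Query URI: "
                        f"{realms['Token URI']!r} vs {realms['Query URI']!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the realm case differs on purpose.
    print(check_idp_settings(
        "http://127.0.0.1:8080/realms/VDG/protocol/openid-connect/token",
        "http://127.0.0.1:8080/admin/realms/vdg/users"))
```

An empty list means both URIs point at the same realm and the client secret is sent only over loopback or HTTPS.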

If these settings are configured correctly, the '+' button to add users will have an extra option to add users from the identity provider:

Selecting 'Identity Provider' will open the following dialog:

These are the users available in Keycloak that can be added to the VDG Sense userlist. Double-clicking a user adds that user to the userlist:

The user is shown in bold to highlight that this user is from an external identity provider. These users can also be added to user groups just like normal VDG Sense users. The password cannot be changed because it is defined within the Identity Provider. The user can be given administrator rights if required.