This step-by-step guide shows you how to set up Keycloak as an identity provider for Entra ID Single Sign-On (SSO).
Single Sign-On (SSO) makes logging into multiple applications easier and safer. SSO allows users to authenticate once and access everything without needing to sign in again.
This guide explains how to enable SSO with Microsoft Azure Active Directory (Entra ID).
Our goal is to help you set up authentication to work smoothly with Entra ID, ensuring users can log in seamlessly and securely. We’ll keep things clear and straightforward.
What You’ll Need
Before starting, make sure you have:
- An Entra ID tenant with administrative access
- Basic knowledge of Entra ID admin panels
- Access to a browser for testing
Why Use Entra ID?
Entra ID (formerly Microsoft Azure AD) is widely used for enterprise user management. Combining this with our authentication allows your application to use Entra ID’s secure user database while leveraging our authentication component (Keycloak) for SSO and role management.
This setup is especially useful for businesses that want a unified login experience across multiple platforms.
Step 1: Understand the SSO Flow
Here’s how the SSO process works in simple terms:
- A user tries to access the Tridens Monetization or Tridens EV Charge application.
- The app redirects them to Keycloak.
- Keycloak checks if the user is logged in. If not, it sends them to Entra ID’s login page.
- The user enters their Entra ID credentials (like email and password).
- Entra ID verifies the user and sends authentication details back to Keycloak.
- Keycloak issues a token to the application, allowing the user to access it without logging in again.
- User roles from Entra ID groups can be used to control what the user can do in the app.
This flow ensures secure and smooth access while keeping user data managed in Entra ID.
Step 2: Azure App Configuration
- Create a new Azure app. Create a new App registration from portal.azure.com, selecting support for Multiple organizations when asked. You can find App registration using search.
- Click New registration.

- Fill in the app details.

Once the app is created, Azure will show you the Application (client) ID. Copy this value—you’ll need it later.
- Next, go to Certificates and Secrets and create a new client secret. Save the generated value securely; it will also be used in Keycloak.

- Go back to the app details page and click Endpoints. Copy the OpenID Connect metadata document URL. This will be important for Keycloak’s configuration later.
Step 3: Adding Identity Provider (IdP)
- Add IdP in Tridens Monetization by going to Business portal > Security > Identity providers.
- Fill in the form with the Discovery endpoint, Client ID (this is the Application (client) ID in Azure) and Client Secret (this is the Value from Azure), using the values obtained in the previous steps.

- Add the OpenID Connect metadata document URL in the Discovery endpoint field.
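
Before pasting the metadata URL into the Discovery endpoint field, it helps to check what the document behind it says. The following is an added example, not part of the original guide or of Tridens or Keycloak code: it checks a discovery document for HTTPS endpoints and a matching issuer, and flags the per-tenant issuer template that Entra ID publishes for multi-tenant endpoints. The tenant ID, sample documents, and function names are constructed placeholders.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(discovery_url, doc):
    """Return findings for an OIDC discovery document; empty list = no issues."""
    findings = []
    if urlsplit(discovery_url).scheme != "https":
        findings.append("discovery URL is not https")
    well_formed = discovery_url.endswith(SUFFIX)
    if not well_formed:
        findings.append("discovery URL does not end with " + SUFFIX)
    issuer = doc.get("issuer", "")
    if not issuer:
        findings.append("missing issuer")
    elif "{tenantid}" in issuer:
        # Multi-tenant metadata: the issuer is a template, not a literal value.
        findings.append("multi-tenant issuer template: restrict which tenants may sign in")
    elif well_formed and issuer != discovery_url[: -len(SUFFIX)]:
        # OIDC Discovery: issuer must equal the URL the document was fetched under.
        findings.append("issuer does not match discovery URL")
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not value:
            findings.append("missing " + key)
        elif urlsplit(value).scheme != "https":
            findings.append(key + " is not https")
    return findings

# Constructed sample data (placeholder tenant ID, not from the original guide).
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = "https://login.microsoftonline.com/"

def sample_doc(tenant_segment, issuer_segment):
    """Build a minimal discovery document shaped like Entra ID's v2.0 metadata."""
    return {
        "issuer": BASE + issuer_segment + "/v2.0",
        "authorization_endpoint": BASE + tenant_segment + "/oauth2/v2.0/authorize",
        "token_endpoint": BASE + tenant_segment + "/oauth2/v2.0/token",
        "jwks_uri": BASE + tenant_segment + "/discovery/v2.0/keys",
    }

if __name__ == "__main__":
    cases = {"single tenant": (TENANT, TENANT), "multi-tenant": ("organizations", "{tenantid}")}
    for name, (seg, iss) in cases.items():
        url = BASE + seg + "/v2.0" + SUFFIX
        print(name, check_discovery(url, sample_doc(seg, iss)) or "ok")
```

To check a real tenant, download the metadata document, load it with `json.load`, and pass it to `check_discovery` together with the URL it was fetched from.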

Step 4: Test Your Keycloak and Entra ID SSO Setup
To make sure authentication works correctly via Entra ID Single Sign-On (SSO) integration, follow these steps to test the login process. This will confirm that users can log in smoothly using their Entra ID credentials.
- Open your browser and go to your Tridens Monetization portal (log out if you are already logged in).
You should see a login page like the one below.

- On the login page, click the “Microsoft” button.
This will redirect you to the Microsoft Entra ID login page.

- Log In with Microsoft Credentials. Enter your Microsoft Entra ID username and password.
If this is your first time logging in, you may see a permission request asking you to allow the app to access your account. Click “Accept” to continue.

- Check the Result
After accepting, you should be redirected to a profile page in the Keycloak account console.
Seeing this page means the SSO integration is working correctly.
Troubleshooting
If you don’t see the Entra ID login page, double-check your Identity Provider settings.
Ensure your Entra ID credentials are correct and that the user has access to the app. If the profile page doesn’t appear, verify that the redirect URI in Keycloak matches your app’s settings.
Tips for Success
- Test Thoroughly: Try logging in with different accounts.
- Check Documentation: Refer to Entra ID docs if needed.
- Backup Configurations: Save your Entra ID settings.
Integrating Tridens Monetization with Entra ID for SSO simplifies user authentication for your web application while leveraging Entra ID’s robust user management.
By following these steps, you can set up a secure and efficient login system.