Single sign-on
Set up single sign-on with OpenID Connect for your private cloud
Overview
Streamline the management of users in Virtual Private Cloud with single sign-on (SSO) and just-in-time (JIT) provisioning. Unity Virtual Private Cloud implements SSO through an enterprise identity provider (IdP) using the OpenID Connect (OIDC) protocol. You can use any OIDC-compliant IdP.
Just-in-time provisioning
Keycloak's JIT provisioning mechanism provides these automated features:
- Creation of the user account on the first sign-in. You don't need to manually create users. This automated step reduces administrative overhead and enhances the user experience.
- Population of user attributes. When setting up SSO, you set predefined mappers in Keycloak to automatically populate, on the first sign-in, user attributes from an external IdP or from Keycloak's user store.
- Assignment of user roles and user groups. To grant appropriate permissions to users on the first sign-in, configure Keycloak to automatically perform these operations based on the user attributes:
  - Assign specific roles
  - Add users to groups
On a user's first sign-in, JIT provisioning proceeds as follows:
- Virtual Private Cloud redirects the new user, through the OIDC protocol, to their IdP to sign in.
- The IdP returns the user details to Keycloak.
- Keycloak sends these details to Virtual Private Cloud in the form of claims.
- Virtual Private Cloud uses these claims to create the user account on the fly.
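The mapper setup described above, shown as a Keycloak realm-import fragment. This is an added example, not configuration from the Unity documentation; the IdP alias, URLs, client ID, claim names, and the `vpc-viewer` role and `/vpc-admins` group are assumed placeholders.

```json
{
  "identityProviders": [
    {
      "alias": "corp-oidc",
      "providerId": "oidc",
      "enabled": true,
      "trustEmail": false,
      "config": {
        "clientId": "vpc-keycloak",
        "clientSecret": "REPLACE_WITH_CLIENT_SECRET",
        "issuer": "https://idp.example.com",
        "authorizationUrl": "https://idp.example.com/authorize",
        "tokenUrl": "https://idp.example.com/token",
        "jwksUrl": "https://idp.example.com/.well-known/jwks.json",
        "useJwksUrl": "true",
        "validateSignature": "true",
        "defaultScope": "openid profile email",
        "syncMode": "IMPORT"
      }
    }
  ],
  "identityProviderMappers": [
    {
      "name": "department attribute",
      "identityProviderAlias": "corp-oidc",
      "identityProviderMapper": "oidc-user-attribute-idp-mapper",
      "config": { "claim": "department", "user.attribute": "department", "syncMode": "INHERIT" }
    },
    {
      "name": "default viewer role",
      "identityProviderAlias": "corp-oidc",
      "identityProviderMapper": "oidc-hardcoded-role-idp-mapper",
      "config": { "role": "vpc-viewer", "syncMode": "INHERIT" }
    },
    {
      "name": "admins group from groups claim",
      "identityProviderAlias": "corp-oidc",
      "identityProviderMapper": "oidc-advanced-group-idp-mapper",
      "config": {
        "claims": "[{\"key\":\"groups\",\"value\":\"vpc-admins\"}]",
        "are.claim.values.regex": "false",
        "group": "/vpc-admins",
        "syncMode": "FORCE"
      }
    }
  ]
}
```

With `syncMode` set to `IMPORT`, attribute and role mappers run only on the first sign-in, while the group mapper's `FORCE` setting re-evaluates the `groups` claim on every sign-in so that removal from the IdP group is reflected in Keycloak; `validateSignature` and `useJwksUrl` keep Keycloak from accepting unsigned or wrongly signed tokens when creating accounts on the fly.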