Single sign-on
Set up single sign-on with OpenID Connect for your private cloud
읽는 시간 1분최근 업데이트: 하루 전
Overview
Streamline the management of users in Self-Hosted Deployment with single sign-on (SSO) and just-in-time (JIT) user provisioning. Self-Hosted Deployment implements SSO through an enterprise identity provider (IdP) using the OpenID Connect (OIDC) protocol. You can use any OIDC-compliant IdP.Just-in-time provisioning
Keycloak's JIT provisioning mechanism provides these automated features:- Creation of the user account on the first sign-in. You don't need to manually create users. This automated step reduces administrative overhead and enhances the user experience.
- Population of user attributes. When setting up SSO, you set predefined mappers in Keycloak to automatically populate, on the first sign-in, user attributes from an external IdP or from Keycloak's user store.
- Self-Hosted Deployment redirects, through the OIDC protocol, the new user to their IdP, to sign in.
- The IdP returns the user details to Keycloak.
- Keycloak sends these details to Self-Hosted Deployment in the form of claims.
- Self-Hosted Deployment uses these claims to create the user account on the fly.