OpenID Connect (Keycloak)

Single sign-on or SSO is an authentication method that allows users to securely authenticate to multiple applications and sites at once using a single set of credentials.

SSO is based on setting up a trust relationship between an application, known as a service provider, and an access control system. For example, Google SSO or Keycloak.

1. Add a new realm in Keycloak in the administration section (or use an existing one).

2. Add a new client.

3. In the new client settings, enter the Client ID (arbitrary name, will be needed on the FlowFast side in the next steps).

4. In the Access type field, select - confidential

5. In Valid Redirect URIs add your domain in FlowFast + /auth/oidc/callback)

https:// YOUR_DOMAIN.flowfast.io/auth/oidc/callback

6. Under Credentials, copy Secret. You will need it further in the settings inside FlowFast.

7. Under Users, press "Add user".

Fill in your user data and password.

8. Under Realm settings — General, copy the OpenID Endpoint Configuration link. You will then need to paste it into the FlowFast identityMetadata field

9. Go to FlowFast under "Company settings" and fill in the fields "Domains", "inentityMetadata", "clientID", "clientSecret".

• Domains — your domain in FlowFast

• identityMetadata — copied reference from step 8.

• clientID - the arbitrary ID you specified in step 3.

• clientSecret - the code from item step 6.

10. Save the settings you have entered and press the "Test Authorization" button.

11.  You will be redirected to the Keycloak page.

    Fill in the required fields and click "Sign In".

If the authorization is successful, you will see "Success!"

12. Go back to the FlowFast tab in Company Settings and activate the new authorization method.

Done!