Setting up Authentication
Configure Authentication - LDAP / SSO
Overview
If you have successfully installed IDHub and registered yourself, you are ready to "Get Started" with IDHub!
Passwords are slowly becoming obsolete. With that in mind, we are implementing a no-password policy for all our clients using IDHub.
If you wish to add an Identity Provider to authenticate logins, so that your users do not need separate credentials for another application, this document will help. It walks through setting up authentication in IDHub so that users can log in directly, without having to enter a password.
IDHub Provides Authentication Via:
- LDAP Authentication
- Active Directory Authentication
- Google Authentication
- Microsoft Authentication
- LinkedIn Authentication
- PayPal Authentication
- Twitter Authentication
- Facebook Authentication
- GitHub Authentication
- GitLab Authentication
- Bitbucket Authentication
- OpenShift Authentication
- StackOverflow Authentication
*Note - This authentication is not mandatory. You can use default credentials to manage IDHub users. The above options are preferred authentication modes, which are commonly used in organizations.
How do I enter into the configuration section?
There are two ways to enter the configuration section within IDHub:
- Quick Start Wizard - SSO Page
- Admin Settings - Authorization Section
Method 1:
- Log in to IDHub with valid Administrator credentials
- Open Quick Start Wizard from Dashboard (if not opened directly)
- Navigate to Keycloak Administration section
- Click on Keycloak Administration button to navigate to Keycloak page
Method 2: (will be available as part of IDHub version 20.3.0)
- Log in to IDHub with valid Administrator credentials
- Navigate to the Left Menu section by clicking on any admin functionality
- Click on the Authorization section in the Admin Settings page
- Click the Modify button in the section to navigate to the Keycloak Administration section
*Note - both of the above places will redirect you to the Keycloak administration page.
What things can I do in the Keycloak Administration?
Below are a few options which can be completed in Keycloak Administration:
- Add New Identity Provider and verify in login page
- Add New User Federation and verify in login page (For LDAP Configuration)
- Add Authentication for user registration process
- Manage users of IDHub
- Add new user manually
- Unlock/lock user
- Delete a user
Identity Provider
Apart from LDAP and Kerberos authentication, all other forms of login authentication can be added by adding an identity provider. This feature helps an administrator set up login authentication via those identity providers.
User Federation
LDAP and Kerberos authentication can be added via this feature. To configure LDAP/SSO authentication, please refer here: Configure Authentication - LDAP / SSO
Authentication
Administrators can choose from two different options for User Registration, which IDHub follows. This section can help perform those functions.
Users
Managing users in Keycloak is easy to do, and user friendly. The functions that can be performed are:
- Adding new users in Keycloak
- Remove a user from Keycloak
- Unlock/lock user from Keycloak
Can you walk me through an LDAP Authentication process?
If you wish to add LDAP as an authentication source for IDHub, you would need to do the following:
Prerequisite
- Admin credentials for IDHub
Process
- Navigate to Keycloak Administration section
- Click on User Federation from the Left Panel
- Choose LDAP from the drop-down menu
- You will be redirected to the "Add User Federation Provider" section
- Fill in the required information on the page and save the settings
- Make relevant changes in your LDAP Application to complete the authentication process
Validation
- Go to the IDHub Login URL
- Observe that the new login mechanism is available and that the organization's users are able to log in through it
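A review of the values saved in the "Add User Federation Provider" form, as an added example that is not part of the IDHub or Keycloak documentation: it takes the LDAP component from a realm export and lists settings worth checking before users rely on the new login. The config keys are assumed to follow Keycloak's realm-export format (verify them against your version); the component, host name and DNs are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample: an LDAP user-federation component in the shape of a
# Keycloak realm export (each value is a list of strings). Host and DNs are
# placeholders, not values from the IDHub documentation.
SAMPLE_COMPONENT = json.loads("""
{
  "name": "corp-ldap",
  "providerId": "ldap",
  "config": {
    "connectionUrl": ["ldap://ldap.example.internal:389"],
    "startTls": ["false"],
    "authType": ["simple"],
    "bindDn": ["cn=Directory Manager"],
    "usersDn": ["ou=people,dc=example,dc=internal"],
    "editMode": ["WRITABLE"]
  }
}
""")

def _get(config, key, default=""):
    """Return the first value stored under key, or default if unset."""
    values = config.get(key) or [default]
    return values[0]

def review_ldap_federation(component):
    """Return a list of findings for one LDAP federation component."""
    cfg = component.get("config", {})
    findings = []
    url = urlparse(_get(cfg, "connectionUrl"))
    start_tls = _get(cfg, "startTls", "false").lower() == "true"
    if url.scheme != "ldaps" and not start_tls:
        findings.append("cleartext-bind: use ldaps:// or enable StartTLS")
    if _get(cfg, "authType", "simple") == "none":
        findings.append("anonymous-bind: Keycloak binds without credentials")
    bind_dn = _get(cfg, "bindDn").lower()
    if any(marker in bind_dn for marker in ("cn=admin", "cn=directory manager")):
        findings.append("privileged-bind-dn: use a dedicated read-only account")
    if _get(cfg, "editMode") == "WRITABLE":
        findings.append("writable-edit-mode: Keycloak can modify directory entries")
    if not _get(cfg, "usersDn"):
        findings.append("missing-users-dn: search base not set")
    return findings

if __name__ == "__main__":
    for finding in review_ldap_federation(SAMPLE_COMPONENT):
        print(finding)
```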
Can you walk me through Google Authentication process?
Keycloak Administration provides detailed documentation on setting up authentication with other Identity Providers.
Google Authentication Completion Explained.
For validation, navigate to the IDHub Login page and check that Authentication via Google is present.
How can I Remove an added Authentication mechanism? What happens if I do that?
Once an Authentication mechanism has been added, you can remove it directly from the Keycloak Administration section by clicking on "Remove" in the respective authentication space.