Skip to main content
Version: 5.11.0

How to Set Up Single Sign-On (SSO)

As a Structsure Enterprise administrator (admin), you can set up authentication and authorization with username and password or configure single sign-on (SSO) for any of the applications (apps). There are several SSO solutions you can choose from, based on your organizational requirements and use case. This document is a quick-reference guide on how to configure SSO using Keycloak as an SSO solution.

Requirements

To set up Keycloak SSO with Structsure Enterprise, ensure you have the following:

  1. Kubernetes cluster with Structsure Enterprise deployed
  2. Identity provider of choice (refer to Keycloak documentation)
  3. Client ID and Client Secret

SSO with Structsure Enterprise Using Keycloak

Keycloak is an open source identity and access management (IAM) solution for modern applications and services. Big Bang provides support for Keycloak as an add-on package to integrate with any of the apps. The following sections discuss how to enable and configure Keycloak SSO for your Structsure Enterprise apps. However, for more detailed steps, please refer to the official Keycloak documentation.

Keycloak Installation

Big Bang provides support for Keycloak as an add-on package. As such, you can install Keycloak using the Big Bang Helm Chart. However, you can modify the Keycloak installation by providing the necessary configuration parameters and using the values.yaml file or the --set flag. Refer to this link for the helm chart and default values.

The following are a few important configuration options to consider:

  1. Set the admin username and password for Keycloak, which you would use to access the Keycloak console.

  2. Set up the ingress gateways.

  3. Choose the database option for Keycloak, such as using the default PostgreSQL database or an external one, such as MySQL. Refer to the chart documentation for the specific configuration options.

  4. Configure the SSO client.

    a. Log into the Keycloak admin console and create a new realm or use the existing realm.

    b. Configure the client app by specifying the necessary details, such as the client protocol (e.g., OpenID Connect), redirect URIs, and client credentials (Client ID, Client Secret, etc.).

    Note: Configure Keycloak SSO for each of the apps you want to leverage SSO.

Example SSO Config for Argo CD

You can set up SSO for Argo CD by providing the required Big Bang values that enable SSO and the required configs for the app, as shown below:

    sso:
      # -- Toggle SSO for Argo CD on and off
      enabled: false

      # -- Argo CD OIDC client ID
      client_id: ""

      # -- Argo CD OIDC client secret
      client_secret: ""

      # -- Argo CD SSO group roles, see docs for more details: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
      groups: |

Note: This document is a quick-reference guide. Please follow the Keycloak documentation, or any other SSO solution, to complete the integration with your apps.