Skip to content

Keycloak authentication

keycloak Keycloak is an IAM (Identity and Access Management) tool. It is used for SSO (Single Sign-On) which means that identification is delegated to Keycloak.

The authentication in all Caascad services is handled by Keycloak.

Note

In this tutorial, please replace the following values:

  • ZONE_NAME with the name of the administrative zone (it starts with ocb-).

Keycloak access

In your administration environment, Keycloak service is located at this address: 

https://keycloak.ZONE_NAME.caascad.com

First Login

When you try to authenticate for the first time, you will need to set your password using this URL:

https://keycloak.ZONE_NAME.caascad.com/auth/realms/ZONE_NAME-client/account/

First, click on "Forget Password ?"

Enter your Username or e-mail.

An e-mail with password reset instructions will be sent to you shortly.

Click on "Link to reset credentials" to set your password.

Enter a strong password.

And now you are ready to discover Caascad services !

Management console

When you login to your Keycloak account using this same URL:

https://keycloak.ZONE_NAME.caascad.com/auth/realms/ZONE_NAME-client/account/

You will access to an account management console where you can manage your account. You can update your profile, change passwords, and setup two-factor authentication.

You can also manage sessions as well as view history for the account.

Sessions managment

  • Click on "Sessions" to view all active sessions.

  • To force all of the active sessions to end immediately click on "Log out all sessions".

Two-Factor Authentication

You can strengthen the authentication security of your Keycloak account by adding another factor such as the OTP (one-time password) generated by Google Authenticator or FreeOTP.

Setup the Two-Factor Authentication

Info

The example below shows FreeOTP.

  • Download and Install FreeOTP application.

  • Scan the QR code displayed on your Keycloak account management console.

  • You can now use FreeOTP to generate OTPs.

  • Retrieve the code displayed in the application.

  • Provide the code generated by the application and click on "Save" to finish the setup.

  • The Two-Factor Authentication is now configured on your account.

Authentication using OTP

The next time you log into your account, you will need to provide a One-time code (using your mobile Application) upon the completion of the username/password authentication.