Keycloak Integration
Cloudesire supports Keycloak for providing additional capabilities:
- Single-Sign On
- Identity Brokering and Social Login
- User Federation (to connect to existing LDAP or Active Directory servers)
- MFA via a one-time passcode
Keycloak can also authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers.
Integration Specifications
Keycloak manages the users' credentials, while user roles are still managed by Cloudesire.
When the Keycloak module is active:
- the native marketplace login forms are replaced by the Keycloak login page
- on the Cloudesire database, each user entity has an attached "Keycloak ID" (without storing any credentials)
- Keycloak validates the users' credentials; when a user is authenticated by Keycloak, their "Keycloak ID" is forwarded to the Cloudesire backend, which can then automatically authenticate the corresponding user.
From the user-experience perspective, customers can:
- log in to the marketplace/dashboard interfaces by using the Keycloak login form
- self-register to the marketplace; behind the scenes a corresponding Cloudesire account is created if one does not already exist (matches are made by comparing the users' email addresses)
Other kinds of users (vendors, resellers, etc.) must be registered in Cloudesire beforehand; at their first login through Keycloak, the platform matches the two entries by the users' email addresses.
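The account-resolution step described above (lookup by Keycloak ID, then email matching on first login, with self-registration for customers only), as an added example that is not Cloudesire's own code. It assumes the token has already been validated by Keycloak and uses the standard OIDC claims `sub` (the Keycloak user ID), `email` and `email_verified`; the requirement that the email be verified before linking is an added safeguard, not something the page states.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:
    email: str
    role: str                          # roles stay under Cloudesire's control
    keycloak_id: Optional[str] = None  # link to Keycloak; no password stored here

class CloudesireUserStore:
    """Constructed in-memory stand-in for the Cloudesire user table."""
    def __init__(self, users):
        self.users = list(users)

    def by_keycloak_id(self, kc_id):
        return next((u for u in self.users if u.keycloak_id == kc_id), None)

    def by_email(self, email):
        return next((u for u in self.users if u.email == email), None)

def authenticate_from_keycloak(store, claims):
    """Resolve the Cloudesire user for a token Keycloak has already validated.
    `claims` is the decoded payload: 'sub' is the Keycloak user ID; 'email' and
    'email_verified' are standard OIDC claims. Returns (user, outcome) with
    outcome in {'known', 'linked', 'self-registered'}."""
    kc_id = claims["sub"]
    user = store.by_keycloak_id(kc_id)
    if user is not None:
        return user, "known"           # returning user: no email matching at all
    # First login for this Keycloak ID: match by email, as the integration does.
    # Assumption (not stated on the page): only link on a verified email, so an
    # IdP account that merely claims someone else's address cannot take it over.
    if not claims.get("email_verified", False):
        raise PermissionError("email not verified; refusing to link accounts")
    email = claims["email"].strip().lower()
    user = store.by_email(email)
    if user is None:
        # Self-registration path: create the customer account behind the scenes.
        user = User(email=email, role="customer")
        store.users.append(user)
        outcome = "self-registered"
    elif user.keycloak_id is not None:
        # Email already bound to a different Keycloak ID: never re-bind silently.
        raise PermissionError("email already linked to another Keycloak ID")
    else:
        outcome = "linked"             # pre-registered vendor, reseller, etc.
    user.keycloak_id = kc_id           # store only the ID, never credentials
    return user, outcome
```

Once a user is linked, later logins resolve purely by Keycloak ID, so a changed email claim cannot redirect an existing account.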
MFA
Keycloak OTP (One-Time Password) is a two-factor authentication mechanism that adds an extra layer of security to the Keycloak authentication process. It requires users to provide a time-sensitive code generated by an authenticator application, in addition to their regular credentials. This ensures that even if a user's password is compromised, unauthorized access can be prevented. Keycloak OTP can be easily configured and integrated with various authenticator apps such as Google Authenticator, Authy, and others, enhancing the overall security of your applications.