Keycloak
From Planfix
Integration with Keycloak lets your company's employees sign in to Planfix through single sign-on (SSO) with a single password. This simplifies authorization, improves security, and makes account administration easier.
Steps to configure Single Sign-On (SSO)
Steps in Planfix
- Go to Account management — Integrations — Single Sign-On.
- Enable the Keycloak integration.
Steps in Keycloak
- Open the Keycloak admin console in a new tab.
- Create or select an existing Realm.
- Go to Clients → Create client.
- Specify the following parameters:
  - General Settings:
    - Client type: SAML
    - Client ID: copy from the integration settings in Planfix
    - Name: Planfix SAML APP
    - Description: Planfix SAML APP
    - Always display in UI: On
  - Login Settings:
    - Root URL: copy from the integration settings in Planfix
    - Home URL: copy from the integration settings in Planfix
    - Valid redirect URIs: copy from the integration settings in Planfix
    - Valid post logout redirect URIs: (leave empty or configure as needed)
    - IDP-Initiated SSO URL name: (optional)
    - IDP Initiated SSO Relay State: (optional)
    - Master SAML Processing URL: (optional)
- After creating the client, go to its settings and set:
  - Settings — SAML capabilities:
    - Name ID format: email
  - Signature and Encryption:
    - Sign documents: On
  - Keys — Signing keys config:
    - Client signature required: Off
Final step
- Return to Planfix and fill in the Metadata URI field in the Keycloak integration settings.
https://{KEYCLOAK-URL}/realms/{REALM-NAME}/protocol/saml/descriptor
Replace the variables {KEYCLOAK-URL} and {REALM-NAME} with values from your Keycloak.
Important
- Make sure users have access to the corresponding application in Keycloak.
- On first authorization, a new account will be created automatically via JIT (Just-In-Time provisioning).