Skip to main content
Skip table of contents

MFA and SSO Configuration

Multi Factor Authentication - MFA

We use Keycloak as identity and access management solution for web UIs and specific APIs, which by default requires email verification and multi-factor authentication using authentication applications like Google Authenticator, Microsoft Authenticator, or Password Managers like 1Password.

Identity Providers - IDP

Keycloak supports Single Sing-On (SSO) using OpeID Connect (OIDC), SAML 2.0 and Kerberos protocols to allow connections with external identity providers like Microsoft Entra ID, Google Identity Platform (GIP) and many others, Also personal social network connections like Google, Github or Facebook are supported. In these cases the MFA is delegated to the identity provider used for the login.

Supported Protocols and Social Connections

Here a list of configurable protocols and social connections:

image-20250224-141411.png

We also provide a secure proxy to support SSO and MFA with UIs like Kibana witch not provide SSO connections.

SSO with Identity providers

To be able to configure your organization identity provider you will need administrative access permissions.

We will provide you with …

  • Callback/Redirect URL

  • Login URL

After configuring your IDP, you will share with us in a secure way …

  • Client ID

  • Client Secret

  • OIDC Discovery URL

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.