Note: These instructions are applicable only to CalypsoAI On-Premise users.
Introduction
Identity providers (IdPs) allow CalypsoAI to use existing external accounts for authentication. CalypsoAI supports multiple IdPs. Here, we use Google Single Sign-On (SSO) setup as an example.
The instructions below describe how to set up a project using Google as an IdP and how to retrieve the client ID and secret for CalypsoAI. After setup, users may log into CalypsoAI using their Google account.
Retrieve the Keycloak Redirect URI
Step 1. Log into Keycloak and navigate to your realm's Identity providers configuration section
Go to {your-domain}/auth
Log in with the admin user.
Switch the realm from master to your organization's realm.
Using the left-hand navigation bar, click the “Identity providers” option.
Step 2. Retrieve the Redirect URI for Google
Click “Add Provider” and select “Google” from the dropdown.
You’ll be navigated to the “Add Google Provider” page.
Copy the “Redirect URI” shown in the top field.
Create Google OAuth Client
Step 1. Create a project and configure a consent screen in Google Cloud Platform (GCP):
Go to https://console.cloud.google.com/ and follow the prompts to create a new project.
Go to https://console.cloud.google.com/apis/credentials/consent and follow the prompts to configure a consent screen.
Step 2. Establish your credentials:
Click + CREATE CREDENTIALS and select OAuth client ID.
Choose Web application as Application type and give it a name.
You may add multiple domains for a single Google project. Add the Redirect URI retrieved from Keycloak under Authorized redirect URIs for each domain, e.g.
{your-domain}/auth/realms/{realm}/broker/google/endpoint
Click CREATE.
Save the provided Client ID and Client Secret in your preferred password manager.
CalypsoAI will use the saved ID and secret as the environment variables OIDC_IDP_CLIENT_ID and OIDC_IDP_CLIENT_SECRET. Set the OIDC_IDP_ISSUER variable to https://accounts.google.com.
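A pre-flight check for the values collected in the steps above, added here as an example; it is not CalypsoAI or Keycloak code. It assumes {your-domain} includes the https:// scheme, that Google web client IDs end in .apps.googleusercontent.com, and uses a constructed domain and realm; the function names are hypothetical.

```python
from urllib.parse import urlsplit

GOOGLE_ISSUER = "https://accounts.google.com"  # issuer value given on this page
REQUIRED = ("OIDC_IDP_CLIENT_ID", "OIDC_IDP_CLIENT_SECRET", "OIDC_IDP_ISSUER")


def expected_redirect_uri(domain, realm):
    """Build {your-domain}/auth/realms/{realm}/broker/google/endpoint."""
    return f"{domain.rstrip('/')}/auth/realms/{realm}/broker/google/endpoint"


def check_redirect_uri(registered, domain, realm):
    """Compare the URI registered in GCP with the one Keycloak displays."""
    problems = []
    if urlsplit(registered).scheme != "https":
        problems.append("redirect URI must use https")
    # Google compares redirect URIs as exact strings, so a trailing slash,
    # a different realm name or different letter case is a mismatch.
    if registered != expected_redirect_uri(domain, realm):
        problems.append("redirect URI differs from the Keycloak value")
    return problems


def check_env(env):
    """Validate the three variables CalypsoAI reads (env is a dict)."""
    problems = []
    for name in REQUIRED:
        value = env.get(name, "")
        if not value.strip():
            problems.append(f"{name} is not set")
        elif value != value.strip():
            problems.append(f"{name} has leading or trailing whitespace")
    issuer = env.get("OIDC_IDP_ISSUER", "").strip()
    if issuer and issuer != GOOGLE_ISSUER:
        problems.append(f"OIDC_IDP_ISSUER must be exactly {GOOGLE_ISSUER}")
    client_id = env.get("OIDC_IDP_CLIENT_ID", "").strip()
    # Assumption: Google web client IDs end in .apps.googleusercontent.com.
    if client_id and not client_id.endswith(".apps.googleusercontent.com"):
        problems.append("OIDC_IDP_CLIENT_ID does not look like a Google client ID")
    return problems


if __name__ == "__main__":
    import os
    # Constructed sample values; replace with your own domain and realm.
    domain, realm = "https://calypso.example.com", "acme"
    print("Expected redirect URI:", expected_redirect_uri(domain, realm))
    for problem in check_env(dict(os.environ)):
        print("PROBLEM:", problem)
```

The script only reports whether each variable is set and well-formed; it never prints the client secret.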