Create a Tenant with a dedicated SSO Realm

This guide outlines the steps to register a new Tenant with a Tenant Admin user in the Self-Service. In addition, you will also be able to create a dedicated Realm in Keycloak that can be used to configure the Identity Provider or create multiple users that belong to the same Tenant.

Prerequisites

  • You should be able to access the Keycloak Admin console

  • The local realm should be available in your Keycloak. In case it is absent, follow the steps regarding the creation of the Local Realm

Register a new Tenant and User in the Self-Service

  1. Log into the Self-Service interface via the following URL: https://[governance-domain]/login/local. The following screen will be shown

    Keycloak - landing page

  2. Press the Register button

    Keycloak - register user form

  3. Fill the form and press the Register button

  4. Enter the Organization Name and Organization Short Name of to the Tenant you want to create and press the Continue button

    Axual Governance - environments, instances and clusters
    You should see a screen like above. The First Name and Last Name should be already set as provided in the registration form.

You have now registered a Tenant and a Tenant Admin user in the Self-Service.

You will be redirected to the Self-Service where you can view and manage your Tenant resources. You can also verify that the current user has the Tenant Admin role by opening the profile page.

Click on the profile circle and then on the My Profile button.

Keycloak - register user form
The Tenant Admin user is able to create the Cluster and Instance resources in the Self-Service.

Create and Configure your SSO Realm

Only if your tenant has a dedicated Realm, you can rely on an Identity Provider to authenticate your users.

You can follow the steps to create of a SSO Realm

Once your SSO Realm has been created, follow these steps to configure an Identity Provider.

  1. Access the Keycloak Admin Console

  2. Open your SSO Realm

  3. Go to the Identity Providers section

  4. Select the identity provider available in your Organization and provide the required details.

Once your SSO Realm has been configured with the identity providers, any users can log into the Self-Service using your identity providers.

By default, any new user in the Self-Service gets Application Author, Environment Author and Topic Author roles.

More roles can be assigned by the Tenant Admin user.

Local and SSO Realm Users

To access the Self-Service, you would be able to use the Local or the SSO realm based on where the user is defined.

The Tenant Admin user registered before will always be available in the Local Realm, so you can use the https://[governance-domain]/login/local URL to log in.

Any users defined in your Identity Provider will be available in the SSO Realm, so they can use the https://[governance-domain]/login/<realm-name> URL to log in.

Both users will exist under the same Tenant in the Self-Service.