OIDC concepts
Planon Universe introduces Keycloak as part of the Planon Universe Suite.
The essence of OpenID Connect is that it sends a token to the application with every request. These tokens are generated at the Keycloak service. The way a token is obtained depends on the client’s technology.
The newly introduced Keycloak service becomes the identity broker that forms the authentication layer for all Planon related components and services.
 | For Planon Cloud customers this solution is already available via the Environment management gadget. For on-premise customers this solution will be introduced in the near future. |
Options
• You can connect the Keycloak service to the Planon back-end to obtain a seamless transition for customers using the current form authentication in Planon and to store all user credentials in the Planon database.
• You can connect the Keycloak service to an external Identity provider to obtain a single-sign-on experience for end users. There are various protocols available to connect the external Identity provider to Keycloak, but Planon recommends OpenID Connect.