OIDC concepts
Planon Universe introduces Keycloak as part of the Planon Universe Suite.
The essence of OpenID Connect is that it sends a token to the application with every request. These tokens are generated at the Keycloak service. The way a token is obtained depends on the client’s technology.
The newly introduced Keycloak service becomes the identity broker that forms the authentication layer for all Planon related components and services.
 | For Planon Cloud customers this solution is already available via the Environment management gadget. For on-premise customers this solution will be introduced in the near future. |
The Keycloak service can be connected to the Planon back-end to obtain a seamless transition for customers using the current form authentication in Planon and to store all user credentials in the Planon database.
Another option is to connect the Keycloak service to an external Identity provider to obtain a single-sign-on experience for end users. There are various protocols available to connect the external Identity provider to Keycloak, but Planon recommends OpenID Connect.