Overview
When a Cloud environment is delivered, the following authentication method is the default configuration.
| This configuration is also the default on-premise configuration; it uses form authentication for the Planon environment. |
Keycloak
Enabling Single Sign On (SSO) on a Cloud environment introduces Keycloak authentication. Keycloak can be configured to use different authentication sources.
By default, authentication via Keycloak is configured as follows.
| This configuration needs to be adjusted by the customer according to the customer's specific (security) requirements. The default configuration contains only the supervisor user for logging in to Planon. |
The following diagram shows the possible configuration options for authenticating users.
This includes the configuration that needs to be applied by the customer.
The customer can choose to:
• Add accounts to the Keycloak database for users to authenticate against Keycloak.
• Add the Planon provider in Keycloak under User federation.
This way, users authenticate against the account in the Planon database via Keycloak.
• Add an external IDP under Identity Providers in Keycloak.
This way, users authenticate against the external IDP of the customer's choice via Keycloak.
| This is the recommended solution. |