Flashduty Docs
中文EnglishRoadmapAPI官网控制台
中文EnglishRoadmapAPI官网控制台
  1. Integrations
  2. Single Sign-On
  • Getting Started
    • Introduction
    • Quick start
    • FAQ
    • Product Comparison
  • Incidents
    • What is an Incident
    • View Incidents
    • Handle Incidents
    • Escalations and Assignments
    • Custom Fields
    • Custom Actions
    • Alert Noise Reduction
    • Past Incidents
    • Outlier Incidents
  • Configure Flashduty
    • Channels
    • Integrate Alerts
    • Alert Noise Reduction
    • Escalation Rules
    • Label Enrichment
    • Schedules
    • Templates
    • Service Calendars
    • Preferences
    • Alert Routing
    • Silence and Inhibition
    • Filters
    • Notification Bots
    • Alert Pipeline
  • Platform
    • Teams and Members
    • Permissions
    • Single Sign-On
    • Insights
  • Advanced Features
    • Referencing Variables
    • Dynamic Assignment
  • Integrations
    • Alerts integration
      • Standard Alert Integration
      • Email Integration
      • Nightingale/FlashCat Integration
      • Prometheus Integration
      • Grafana Integration
      • Zabbix Integration
      • Uptime Kuma Integration
      • Alibaba Cloud ARMS Integration
      • Alibaba Cloud Monitor CM Event Integration
      • Alibaba Cloud Monitor CM Metrics Integration
      • Alibaba Cloud SLS Integration
      • AWS CloudWatch Integration
      • Azure Monitor Integration
      • Baidu Cloud BCM Integration
      • Huawei Cloud CES Integration
      • Influxdata Integration
      • Open Falcon Integration
      • PagerDuty Integration
      • Tencent BlueKing Integration
      • Tencent Cloud CLS Integration
      • Tencent Cloud Monitor CM Integration
      • Tencent Cloud EventBridge
      • OceanBase Integration
      • Graylog Integration
      • Skywalking Integration
      • Sentry Integration
      • Jiankongbao Integration
      • AWS EventBridge Integration
      • Dynatrace Integration
      • Huawei Cloud LTS Integration
      • GCP Integration
      • Splunk Alert Events Integration
      • AppDynamics Alert Integration
      • SolarWinds Alert Events Integration
      • Volcengine CM Alert Events Integration
      • Volcengine CM Event Center Integration
      • Volcengine TLS Integration
      • OpManager Integration
      • Meraki Integration
      • Keep Integration
      • ElastAlert2 Alert Integration
      • StateCloud Alert Events
      • Guance Alert Events
      • Zilliz Alert Events
      • Huawei Cloud APM Alerts
      • zstack integration
    • Change integration
      • Standard Change Event
      • Jira Issue Events
    • IM integration
      • Feishu (Lark) Integration Guide
      • Dingtalk Integration
      • WeCom Integration
      • Slack Integration
      • Microsoft Teams Integration
    • Single Sign-On
      • Authing Integration
      • Keycloak Guide
      • OpenLDAP Guide
    • Webhooks
      • Alert webhook
      • Incident webhook
      • Costom action
  • Terms
    • Terms of Service
    • User Agreement/Privary Policy
    • SLA
  1. Integrations
  2. Single Sign-On

Keycloak Guide

Quick Overview#

Keycloak is an open-source identity and access management solution that provides a comprehensive set of tools and features, helping developers quickly implement secure user authentication and authorization mechanisms while simplifying identity and access management processes for applications.
提示
This article does not cover Keycloak deployment and detailed explanations. For more information, please refer to the official documentation

SAML 2.0 Protocol Configuration#

1. Log in to FlashDuty Console#

1.1 Get the ACS URL from FlashDuty (needed in step 2)
1.2 Path: Access Control => Single Sign-On => Settings => SAML 2.0 Protocol => Flashcat Service Provider Information => Assertion Consumer Service URL
drawing

2. Create a New Client in Keycloak Console#

2.1 Path: Clients => Create client
2.2 Client Type: Select SAML protocol
2.3 Client ID: Enter flashcat.cloud (fixed value, cannot be changed)
drawing
2.4 Valid redirect URIs: Enter the ACS URL obtained from FlashDuty
drawing

3. Configure Client Settings#

3.1 Change Name ID format to email type
drawing
3.2 Set Client signature required to OFF
drawing
3.3 Create Client scope
提示
Before creating, you need to delete previous OpenID Connect protocol users. After creation, set it as Default
3.3.1 Create email/phone/username types following the image below
drawing
3.3.2 Final result after creation
drawing
3.4 Add users to the Client
drawingdrawing
3.5 Configure email/phone/username mappers (using email as an example, follow the same steps for others)
drawingdrawingdrawing

4. Download XML File#

提示
The downloaded file is a compressed archive containing two XML files. You only need the idp-metadata.xml file
4.1 Download from Client > Action
drawing
4.2 Upload the XML file to FlashDuty's SSO configuration
drawing

5. Create Users in Keycloak and Test Login#

5.1 Create user (must bind an email address)
drawing
5.2 Test login
Visit console.flashcat.cloud, select SSO login => Enter the login domain prefix from SSO configuration
drawing

OIDC Protocol Configuration#

1. Log in to FlashDuty Platform#

1.1 Get Redirect URL from FlashDuty (needed in step 2)
2.2 Path: Access Control => Single Sign-On => Settings => OIDC Protocol => Flashcat Service Provider Information => Redirect URL
drawing

2. Create a New Client in Keycloak Console#

2.1 Client Type: Select OIDC protocol
2.2 Client ID: No special requirements
drawing
2.3 Client authentication: Keep enabled
drawing
2.4 Valid redirect URIs: Enter the Redirect URL obtained in step 1
drawing

3. Get Client Information#

3.1 Client ID: The ID entered when creating the Client
3.2 Client Secret: Found in Client details => Credentials card
drawing
3.3 Issuer: Realm settings => Endpoints => OpenID Endpoint Configuration
drawing

4. FlashDuty SSO Configuration Example#

drawing
提示
After completing OIDC configuration, refer to section 5.2 for login testing
修改于 2024-11-18 03:27:01
上一页
Authing Integration
下一页
OpenLDAP Guide
Built with