
IDPs Installation

To enable Identity Providers (IDPs) in your Daytona installation, we integrate Keycloak, an open-source identity and access management solution. Keycloak facilitates the addition of multiple IDPs, allowing users to authenticate to the Daytona dashboard through various identity providers.

This setup enables the creation of Workspaces from different Git Providers, and allows for the management of access scopes, permissions, sessions, and events. Additionally, Daytona provides tools to monitor and manage user activities within your organization.

This guide provides instructions on how to add, manage, configure, and disable Identity Providers (IDPs) using Keycloak.

Prerequisites

To configure and manage identity providers for your Daytona installation, ensure the following prerequisites are met:

  1. Daytona Installation

    Download and install Daytona on your infrastructure. Upon completion, you will receive a URL to access your Daytona dashboard. During the Daytona installation, credentials for accessing Keycloak via the Administration Console (username or email and password) will be provided.

  2. Keycloak URL

    Access the Keycloak URL provided during the Daytona installation.

  3. Registered Account with a Supported IDP:

    Ensure you have a registered account with one of the supported identity providers. Supported IDPs include Github, Gitlab, Bitbucket, Github Enterprise Server, Gitlab On-Premise, Bitbucket server, Google, Microsoft and many more.

Github

In this section, we will guide you through the process of configuring GitHub as an identity provider for your Daytona installation. This guide applies only if GitHub was not configured as an identity provider during the initial Daytona installation.

Configure Github in Keycloak


  1. Log into Keycloak
  • Open https://id.domain.com and select Administration Console on the front page.
  • Sign in using the credentials provided during the installation process (assuming you have met all the prerequisites).
  1. Default Realm
  • After you sign in, make sure you are on the default realm.
  • If you are not on the default realm (the home page shows scattered information with Server information and the title master realm), select default under the dropdown menu on the top left side of the home page.
  1. Configure GitHub as an Identity Provider
  • Under the default realm, click on Identity Providers under the Configure section on the left sidebar.
  • Then click on github. On the next page, copy the Redirect URI and note it down, as we will need it later. Don’t close this tab.
  1. Go to Developer Settings
  • Open Github in your browser and click on your profile picture on the top right side of the page. In the dropdown menu, select Settings (at the bottom). Then select Developer settings on the left sidebar.
  1. Create OAuth Apps
  • Select the OAuth Apps on the left sidebar. Then click on New OAuth App on the top right side.
  1. Required Inputs for GitHub OAuth
  • For the application name, choose something you can easily recognize and distinguish from your other applications (we recommend using the deployed domain).
  • The Homepage URL would be the URL to your Daytona dashboard.
  • The Authorization callback URL is the URL you have copied from step 2, Redirect URI. You don’t need to toggle Enable Device Flow here. Then click on Register application.
  1. Copy Client ID and Secrets
  • Under your application, click on the Generate a new client secret in the Client secrets section.
  • Copy the credentials under Client ID and paste it into your Keycloak Provider details page in the Client ID section.
  • Go back to the Github OAuth Application page, copy the credentials under the Client secrets section, and then paste it into Client Secret on your Keycloak Provider details page.
  1. Advance Settings on Keycloak
  • On Keycloak’s Provider details page, copy and paste the following text into the field Scopes under the Advanced settings:
read:user user:email repo
  • These three scopes will allow users to sign in via email, read GitHub users’ information, and access signed-in users’ repositories to gain read, write, and admin rights.
  • Toggle the fields Store tokens and Trust Email to turn them on. You can compare your information to the table below to make sure the details are correctly configured.
  • If you want to type in scopes by yourself, remember to use Space ␣ to separate different scopes and not comma ,.
  1. Save and Enable GitHub
  • After inputting all the information, click on Save at the bottom of Keycloak’s Provider details page, then toggle Disabled on the top right side of the page to change it to Enabled.

Github and Keycloak configuration details

| Github VS. Keycloak | Github OAuth App | Keycloak Provider Details |
| --- | --- | --- |
| URL | Authorization callback URL | Redirect URI |
| ID | Client ID | Client ID |
| Secrets | Client secrets | Client Secret |
| Scopes | No extra configuration required | read:user user:email repo |

Keycloak Advance Settings Details

| Setting | Value |
| --- | --- |
| Store tokens | On |
| Accepts prompt=none forward from client | Off |
| Disable user info | Off |
| Trust Email | On |
| Hide on login page | Off |
| Verify essential claim | Off |
| First login flow (dropdown) | first broker login |
| Post login flow | None |
| Sync mode | Import |

Confirm Github is Working

  • To confirm Github is working properly with Daytona, refer to the Git Provider section to see if you can create a Workspace based on the repository in Github.

  • If you open your Daytona dashboard URL, you should see the button Github on the sign-in page. If not, scan through the table above and confirm if all the input information is correct.

GitLab

If you choose another identity provider during the installation stage, you can still configure GitLab as an add-on identity provider. In this section, we will explain how you can do so. You will need to have a GitLab account.

Configure GitLab in Keycloak

  1. Log into GitLab
  • Sign into Gitlab. After signing in, click on your profile picture on the top of the left sidebar. Under the dropdown menu, select Preferences.
  1. Create OAuth Application
  • Click on Applications on the left sidebar. Then, click on Add new application.
  1. Default realm
  • Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section. After you sign in, make sure you are on the default realm.

  • You should see the homepage show Welcome to default at the center of the screen. If not (the homepage shows scattered information with Server info with the title master realm), select default under the dropdown menu on the top left side of the homepage.

  1. Configure GitLab as Identity Provider
  • Click on Identity Providers under the Configure section on the left sidebar.
  • Click on gitlab.
  • On the next page copy the Redirect URI. Don’t close this tab.
  1. GitLab application configuration
  • Go back to GitLab (you should be on the page Add new application).
  • The Name of your application should be recognizable to yourself.
  • The field Redirect URI is the Redirect URI you have copied from the last step.
  • Toggle the Confidential under the Redirect URI field.
  • Under the scope, toggle api, read_api, read_user, read_repository, openid, write_repository, profile, and email. Then click on Save application. If you are unsure about the settings under Scope in GitLab, you can refer to the table below to make sure the settings are correct.
  1. Copy Application ID and Secret
  • Copy the Application ID and paste it into your Keycloak’s Provider details page in the Client ID field
  • Copy the Secret field and paste it into the Client Secret field.
  • Click on Continue on GitLab’s application page.
  1. Configure Keycloak
  • Navigate back to Keycloak’s Provider details page for GitLab (at this stage you have filled in Client ID and Client Secret), copy the following value into the Scopes field under the Advanced settings section:
profile email read_user write_repository read_repository openid api read_api
  • These scopes will allow your Daytona installation to access the signed-in user’s profile, email, and respective repository (allowing Daytona to create a Workspace), use OpenID to authenticate users during sign-in, and read and access GitLab’s API to work with Workspaces.
  • Toggle the fields Store tokens and Trust Email to turn them on. You can compare your information to the table below to make sure the details are correctly configured.
  • If you want to type in scopes by yourself, remember to use Space ␣ to separate different scopes instead of a comma ,.
  1. Enable GitLab
  • After finishing the above steps, click Save at the bottom of the page on Keycloak, and then enable the identity provider (toggle the Disabled switch on the top right side of the page to Enabled).

Gitlab and Keycloak configuration details

| Gitlab VS. Keycloak | Gitlab Application | Keycloak Provider Details |
| --- | --- | --- |
| URL | Callback URL | Redirect URI |
| ID | Application ID | Client ID |
| Secrets | Secret | Client Secret |
| Scopes | api, read_api, read_user, read_repository, write_repository, openid, profile, email | profile email read_user write_repository read_repository openid api read_api |

Keycloak Advance Settings Details

| Setting | Value |
| --- | --- |
| Store tokens | On |
| Accepts prompt=none forward from client | Off |
| Disable user info | Off |
| Trust Email | On |
| Hide on login page | Off |
| Verify essential claim | Off |
| First login flow (dropdown) | first broker login |
| Post login flow | None |
| Sync mode | Import |

Confirm GitLab is Working

You can refer to the Git Provider section to see if you can create a Workspace based on the repository in GitLab to confirm GitLab is working properly with Daytona.

Bitbucket

In this section, we will guide you through how to configure Bitbucket as your add-on identity provider if you haven’t done so during the installation process. You will need a registered account and a Workspace connected to that account on Bitbucket.

Configure Bitbucket in Keycloak

  1. Create OAuth Consumer on Bitbucket
  • You can sign into Bitbucket with this link. After you sign in, click on the settings button on the top right, then in the dropdown menu select Workspace settings.
  • Scroll down and find APPS AND FEATURES section in the left sidebar. Under this section, click on OAuth consumers and then click on Add consumer on this page.
  1. Default Realm in Keycloak
  • Open https://id.domain.com and click on Administration Console on the front page, then sign in with the credentials you obtained from your installation.
  • After you sign in, make sure you are on the default realm.
  • You should see the homepage show Welcome to default at the center of the screen. If not (the home page shows scattered information with Server info with the title master realm), you can select default under the dropdown menu on the top left side of the home page.
  1. Configure Bitbucket as an Identity Provider
  • Click on Identity Providers under the Configure section on the left sidebar
  • Click on bitbucket.
  • Copy the Redirect URI and note it down, as we will need it later. Don’t close this tab.
  1. Configure OAuth consumer
  • Navigate back to Bitbucket, on the Add OAuth consumer page, give your application a distinguishable name in the Name field (required, example: daytona-domain-name)
  • Paste the Redirect URI from the previous step into the Callback URL field.
  • The URL field will be your Daytona dashboard URL.
  • You can leave the Privacy policy URL and End user license agreement URL empty. Make sure not to toggle This is a private consumer. Your configuration will fail if you enable this.
  1. Permissions Scopes in Bitbucket
  • Under the Permissions section on the same page, tick the permission scope:
  • Account: Email, Read
  • Workspace membership: Read, Write
  • Projects: Read, Write, Admin
  • Repositories: Read, Write, Admin
  • Pull requests: Read
  • Click Save at the bottom.
  • If you are unsure about the settings under Permissions in Bitbucket, you can refer to the table below to make sure the settings are correct.
  1. Copy Key and Secret
  • After clicking on Save, you will be sent back to the OAuth consumers page in Bitbucket. Click on the application name you just created on Bitbucket’s Workspace settings/OAuth consumers page.
  • Copy the value after Key on Bitbucket and paste it into Keycloak’s Client ID field.
  • Copy the value after Secret on Bitbucket and paste it into Keycloak’s Client Secret field.
  1. Configure Keycloak
  • Under the Advance settings section, copy and paste the following value into the field Scope:
email account repository:write project
  • These permission scopes will allow us to access authenticated users’ email, account details, and project-related information and gain write access to repositories to create a Workspace.
  1. Enable Bitbucket
  • After finishing the above steps, on Keycloak, click Save at the bottom, and then enable the identity provider (toggle the Disabled switch on the top right side of the page).

Confirm Bitbucket is Working

After you finish all the configuration, you can refer to the BitBucket section in Git Providers guide and visit your Daytona dashboard to confirm the configuration is correct and working properly.

BitBucket and Keycloak configuration details

| BitBucket VS. Keycloak | BitBucket OAuth Consumer | Keycloak Provider Details |
| --- | --- | --- |
| URL | Callback URL | Redirect URI |
| ID | Key | Client ID |
| Secrets | Secret | Client Secret |
| Permission scope | Account: Email, Read, Write; Workspace membership: Read, Write; Projects: Read, Write, Admin; Repositories: Read, Write, Admin, Delete; Pull requests: Read, Write; Issues: Read, Write; Wikis: Read and write; Snippets: Read, Write; Webhooks: Read and write; Pipelines: Read, Write, Edit variables; Runners: Read, Write | email account repository:write project |

Keycloak Advance Settings Details

| Setting | Value |
| --- | --- |
| Store tokens | On |
| Accepts prompt=none forward from client | Off |
| Disable user info | Off |
| Trust Email | On |
| Hide on login page | Off |
| Verify essential claim | Off |
| First login flow (dropdown) | first broker login |
| Post login flow | None |
| Sync mode | Import |

These permissions will allow Daytona to authenticate users, access users’ Workspace membership, find team members, and access users’ repositories to create Workspaces.

Github Enterprise

This section will illustrate how to configure Github Enterprise as an identity provider for your Daytona installation. You will need an active deployment of Github Enterprise and a registered account.

Configure Github Enterprise in Keycloak

  1. Create OAuth Application on Github Enterprise
  • Open your Github Enterprise domain URL in the browser and log in, click on your profile picture on the top right side of the page.
  • Under the dropdown menu, select Settings.
  • Scroll down and find Developer settings on the left sidebar, click on OAuth Apps on the left and then New OAuth App on the top right side of the page. Don’t close this tab.
  1. Log into Default Realm in Keycloak
  • Open https://id.domain.com and click on Administration Console on the front page, then sign in with the credentials you obtained from your installation.
  • After you sign in, make sure you are on the default realm.
  • You should see the homepage show Welcome to default at the center of the screen. If not (the home page shows scattered information with Server info with the title master realm), you can select default under the dropdown menu on the top left side of the home page.
  1. Configure Bitbucket as an Identity Provider
  • Click on Identity Providers under the Configure section on the left sidebar
  • Then click on bitbucket.
  • Copy the Redirect URI and note it down, as we will need it later. Don’t close this tab.
  1. Configure OAuth Application on Github Enterprise
  • Go back to Github Enterprise, on the Register a new OAuth application page, fill in the following information:
  • The Application name would be something recognizable to yourself. Recommend using your domain name.
  • The Homepage URL would be your Daytona dashboard URL.
  • The Authorization callback URL is the Redirect URI you have copied from the previous step.
  • You don’t need to toggle Enable Device Flow here. Then click on Register application.
  1. Copy Client ID and Secrets
  • Under your application, click on the Generate a new client secret in the Client secrets section.
  • Copy the credentials under Client ID and paste it into your Keycloak Provider details page in the Client ID section.
  • Go back to the Github Enterprise OAuth Application page, copy the credentials under the Client secrets section, and then paste it into Client Secret on your Keycloak.
  • Important: At the Base URL input field in Keycloak, paste your Github Enterprise URL (the dashboard URL where it is deployed, no trailing slash at the end).
  1. Configure Scopes in Keycloak
  • Under the Advance settings section, copy and paste the following value into the field Scope:
read:user user:email repo
  • These permission scopes will allow us to access authenticated users’ email, account details, and access signed-in users’ repositories to gain read, write, and admin rights.
  • Toggle the fields Store tokens and Trust Email to turn them on. You can compare your information to the table below to make sure the details are correctly configured.
  • If you want to type in scopes by yourself, remember to use Space ␣ to separate different scopes instead of a comma ,.
  1. Enable Github Enterprise
  • After finishing the above steps, click Save at the bottom of the page on Keycloak, and then enable the identity provider (toggle the Disabled switch on the top right side of the page).

Github Enterprise and Keycloak configuration details

| Github Enterprise VS. Keycloak | Github OAuth App | Keycloak Provider Details |
| --- | --- | --- |
| URL | Authorization callback URL | Redirect URI |
| ID | Client ID | Client ID |
| Secrets | Client secrets | Client Secret |
| Scopes | No extra configuration required | read:user user:email repo |

Keycloak Settings Details

| Setting | Value |
| --- | --- |
| Base URL | Github Enterprise deployment URL |
| Store tokens | On |
| Accepts prompt=none forward from client | Off |
| Disable user info | Off |
| Trust Email | On |
| Hide on login page | Off |
| Verify essential claim | Off |
| First login flow (dropdown) | first broker login |
| Post login flow | None |
| Sync mode | Import |

Confirm Github Enterprise is Working

  • To confirm Github Enterprise is working properly with Daytona, refer to the Git Provider section to see if you can create a Workspace based on the repository in Github Enterprise.

Bitbucket Server

If you or your organization deployed BitBucket Server as your Git provider and want to use it as an identity provider for your Daytona installation, you can follow the steps below to configure it. To complete this guide, you will need an active deployment of BitBucket Server and a registered account on your BitBucket Server.

Configure Bitbucket Server in Keycloak

  1. Log into default realm in Keycloak
  • Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section.
  • After you sign in, make sure you are on the default realm. You should see the homepage show Welcome to default at the center of the screen.
  • If not (the homepage shows scattered information with Server info with the title master realm), you can select default under the dropdown menu on the top left side of the homepage.
  1. Obtain redirect URL
  • Under the default realm, click on Identity Providers under the Configure section on the left sidebar.
  • Then click on bitbucket-server (should be labeled with disabled at the moment).
  • On the next page, Provider details, copy the Redirect URI and note it down, as we will need it later. Don’t close this tab.
  1. Create OAuth Application
  • Open your Bitbucket Server dashboard in the browser. On the top right side of the page, click on the settings button (with a gear icon).
  • Then click on Application Links under the SYSTEM section on the left sidebar (under Application Navigator).
  • Click on Create link on the top right side of the Application links page.
  • Select External application under Application type.
  • Under the Direction section, select Incoming.
  • Click on Continue.
  1. Configure Application in Bitbucket Server
  • For the application name, we recommend using your Daytona deploy domain for easy recognition.
  • Under Application details, paste the Redirect URI you have copied from the previous step (from the Keycloak dashboard) into the Redirect URL field.
  • Under Application permission, select Read and Write under Repositories.
  • Then click on Save at the bottom.
  1. Configure Keycloak
  • Copy and paste the Client ID from Bitbucket into the Client ID field on Keycloak’s Provider details page.
  • Copy and paste the Client secret into the Client Secret field on Keycloak.
  • Important: At the Base URL input field in Keycloak, paste your Bitbucket Server URL (the dashboard URL where it is deployed, no trailing slash at the end).
  1. Configure Scopes in Keycloak
  • Under the Advance settings section, copy and paste the following value into the field Scope:
PUBLIC_REPOS REPO_READ REPO_WRITE

If you are unsure about the settings under Advance settings in Keycloak, you can refer to the table below to make sure the settings are correct. These permission scopes will allow us to access authenticated users’ repositories to create a Workspace (without destructive behavior).

  1. Enable Bitbucket Server
  • After finishing the above steps, on Keycloak, click Save at the bottom, and then enable the identity provider (toggle the Disabled switch on the top right side of the page to Enabled).

BitBucket server and Keycloak configuration details

| BitBucket Server VS. Keycloak | BitBucket Server | Keycloak Provider Details |
| --- | --- | --- |
| URL | Redirect URL | Redirect URI |
| ID | Client ID | Client ID |
| Secrets | Client secret | Client Secret |
| Scopes | Repositories: Read, Write, Admin | PUBLIC_REPOS REPO_READ REPO_WRITE |

Keycloak Advance Settings Details

| Setting | Value |
| --- | --- |
| Store tokens | On |
| Accepts prompt=none forward from client | Off |
| Disable user info | Off |
| Trust Email | On |
| Hide on login page | Off |
| Verify essential claim | Off |
| First login flow (dropdown) | first broker login |
| Post login flow | None |
| Sync mode | Import |

Confirm Bitbucket Server is Working

After you finish all the configuration, you can refer to the Bitbucket Server section in Git Providers guide and visit your Daytona dashboard to confirm the configuration is correct and working properly.

Google

In the section below, we will guide you through how to configure Google as an identity provider for your Daytona installation. You will need a registered Google Cloud account, or a Google account associated with a Google Cloud account.

Configure Google in Keycloak

  1. Log into default realm in Keycloak
  • Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section.
  • After you sign in, make sure you are on the default realm. You should see the homepage show Welcome to default at the center of the screen.
  • If not (the homepage shows scattered information with Server info with the title master realm), you can select default under the dropdown menu on the top left side of the homepage.
  1. Obtain Redirect URL
  • Under the default realm, click on Identity Providers under the Configure section on the left sidebar.
  • Then click on google (should be labeled with disabled at the moment).
  • On the next page, Provider details, copy the Redirect URI and note it down, as we will need it later. Don’t close this tab.
  1. Configure OAuth Consent Screen in Google Cloud
  • Sign in to your Google Cloud console’s APIs and services with this link. Or on your Google Cloud console, click on the hamburger menu on the top left side of the page, then select APIs and services.
  • Click on OAuth consent screen on the left side of the page and select External in User Type. Click on CREATE.
  • For App name, we recommend using your Daytona deploy domain for easy recognition.
  • For User support email, use your IT support email (internal). It is for users to contact you with questions about their consent.
  • You can skip filling in all information except Developer contact information. You can input multiple ones for Google to notify you about any changes to your project. Then click SAVE AND CONTINUE.
  1. Add scopes to Permissions
  • On the next page, click on ADD OR REMOVE SCOPES.
  • Search for email, profile and openid and select below values:
  • Click on UPDATE, and then SAVE AND CONTINUE on the main page.
  • You can add Test users based on your needs. During the testing stage, only test users are able to access the authenticated application. Click on SAVE AND CONTINUE to continue.
  • On the summary page, click on BACK TO DASHBOARD.
  1. Create Credentials
  • On the left click Credentials and then on the top click + CREATE CREDENTIALS.
  • Select OAuth client ID and select Web application as the application type.
  • Use a name you can correlate to the OAuth application you created for the Name field.
  • Under Authorized redirect URI, paste the Redirect URI you have copied from the previous step (from the Keycloak dashboard) into the Authorized redirect URIs field.
  • Then click on CREATE.
  1. Configure Keycloak
  • Copy the Client ID and paste it into your Keycloak Provider details page in the Client ID section.
  • Copy the Client secret and paste it into your Keycloak Provider details page in the Client Secret section. Don’t close this tab.
  • You can (and should) download the JSON file and keep it somewhere safe for future reference.
  • Under Advance settings, copy and paste the following value into the field Scope:
profile email openid
  • These permission scopes will allow us to access authenticated users’ email and authenticate account details.
  • Toggle the fields Store tokens and Trust Email to turn them on. You can compare your information to the table below to make sure the details are correctly configured.
  • On the top right side of the page, toggle the Disabled switch to Enabled.
  1. Publish your OAuth Application
  • Navigate back to Google Cloud console, on the left side of the page, click on OAuth consent screen.
  • Click on PUBLISH APP.

Google OAuth and Keycloak configuration details

| Google VS. Keycloak | Google OAuth | Keycloak Provider Details |
| --- | --- | --- |
| URL | Authorized redirect URI | Redirect URI |
| ID | Client ID | Client ID |
| Secrets | Client secret | Client Secret |
| Scopes | profile, email, openid | openid profile email |

Keycloak Advance Settings Details

| Setting | Value |
| --- | --- |
| Store tokens | On |
| Accepts prompt=none forward from client | Off |
| Disable user info | Off |
| Trust Email | On |
| Hide on login page | Off |
| Verify essential claim | Off |
| First login flow (dropdown) | first broker login |
| Post login flow | None |
| Sync mode | Import |

Confirm Google is Working

You can now open your Daytona dashboard on the browser and try to sign in with your Google account.

Azure Active Directory (now Microsoft Entra ID)

The following section will guide you through how to configure Azure as an identity provider for your Daytona installation. You will need a registered Azure account associated with a registered Microsoft Azure tenant. We assume you are familiar with the Azure interface and have experience interacting with it.

Configure Azure Active Directory in Keycloak

  1. Log into Default Realm in Keycloak
  • Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section.
  • After you sign in, make sure you are on the default realm. You should see the homepage show Welcome to default at the center of the screen.
  • If not (the homepage shows scattered information with Server info with the title master realm), you can select default under the dropdown menu on the top left side of the homepage.
  1. Obtain Redirect URL
  • Under the default realm, click on Identity Providers under the Configure section on the left sidebar.
  • Click on azure (should be labeled with disabled at the moment).
  • On the next page, Provider details, copy the Redirect URI and note it down, as we will need it later. Don’t close this tab.
  1. Register an Application in Azure
  • Sign in to your Azure portal with this link. Or on your Azure portal, search for App registrations and then click on New registration.
  • For Name, we recommend using your Daytona deploy domain for easy recognition.
  • For Supported account types, you can choose an option based on your organization’s needs. If you often have external contractors, select Accounts in any organizational directory.
  • Under the Redirect URI section, select Web and paste the Redirect URI you have copied from the previous step (from the Keycloak dashboard) into the Redirect URI input field.
  • Click on Register.
  1. Copy Client ID and Secrets
  • You will then be redirected to the overview page of your application.
  • Copy the Application (client) ID and paste it into your Keycloak Provider details page in the Client ID section.
  • Under Certificates & secrets, click on New client secret. Copy the Value and paste it into your Keycloak Provider details page in the Client Secret section.
  1. Configure Keycloak
  • Under Advance settings, copy and paste the following value into the field Scope:
openid profile email user.read
  • These permission scopes will allow us to access authenticated users’ email, account details, and authenticate users via their Azure account or Microsoft account.
  • Toggle the fields Store tokens and Trust Email to turn them on. You can compare your information to the table below to make sure the details are correctly configured.
  • Click Save.
  • On the top right side of the page, toggle the Disabled switch to Enabled.

Azure and Keycloak configuration details

| Azure VS. Keycloak | Azure | Keycloak Provider Details |
| --- | --- | --- |
| URL | Redirect URI | Redirect URI |
| ID | Application (client) ID | Client ID |
| Secrets | Value (in Credentials in secrets) | Client Secret |
| Scopes | openid, profile, email, user.read | openid profile email user.read |

Keycloak Advance Settings Details

| Setting | Value |
| --- | --- |
| Store tokens | On |
| Accepts prompt=none forward from client | Off |
| Disable user info | Off |
| Trust Email | On |
| Hide on login page | Off |
| Verify essential claim | Off |
| First login flow (dropdown) | first broker login |
| Post login flow | None |
| Sync mode | Import |

Confirm Azure is Working

You can now open your Daytona dashboard on the browser and try to sign in with your Azure/Microsoft account.
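
The configuration tables in the provider sections above can be checked mechanically. The following is an added example, not part of the Daytona guide or of Keycloak's tooling: a Python check that compares identity provider settings with the scope strings and Advanced settings values this guide lists. The JSON field names (`storeToken`, `trustEmail`, `firstBrokerLoginFlowAlias`, `config.defaultScope`, `config.syncMode`, `config.baseUrl`) are assumptions modelled on Keycloak's identity provider representation, and the sample export is constructed.

```python
import json

# Scope strings from this guide, keyed by the provider name clicked in Keycloak.
EXPECTED_SCOPES = {
    "github": "read:user user:email repo",
    "gitlab": "profile email read_user write_repository read_repository openid api read_api",
    "bitbucket": "email account repository:write project",
    "bitbucket-server": "PUBLIC_REPOS REPO_READ REPO_WRITE",
    "google": "profile email openid",
    "azure": "openid profile email user.read",
}
# Providers for which the guide asks for a Base URL without a trailing slash.
NEEDS_BASE_URL = {"bitbucket-server"}


def check_idp(idp):
    """Return findings for one provider dict; an empty list means it matches the guide."""
    alias = idp.get("alias", "<no alias>")
    cfg = idp.get("config") or {}
    if alias not in EXPECTED_SCOPES:
        return ["no reference values for this provider in the guide"]
    findings = []

    # The guide: separate scopes with a space, not a comma.
    raw = cfg.get("defaultScope", "")
    if "," in raw:
        findings.append("scopes are comma-separated; use spaces")
    actual = set(raw.replace(",", " ").split())
    wanted = set(EXPECTED_SCOPES[alias].split())
    if wanted - actual:
        findings.append("missing scopes: " + " ".join(sorted(wanted - actual)))
    if actual - wanted:
        # Anything beyond the guide's list widens what the stored token can do.
        findings.append("scopes beyond the guide: " + " ".join(sorted(actual - wanted)))

    # Advanced settings table: Store tokens On, Trust Email On, Sync mode Import.
    if idp.get("storeToken") is not True:
        findings.append("Store tokens is off")
    if idp.get("trustEmail") is not True:
        findings.append("Trust Email is off")
    if cfg.get("syncMode") != "IMPORT":
        findings.append("Sync mode is not Import")
    if idp.get("firstBrokerLoginFlowAlias") != "first broker login":
        findings.append("First login flow is not 'first broker login'")

    if alias in NEEDS_BASE_URL:
        base = cfg.get("baseUrl", "")
        if not base:
            findings.append("Base URL is empty")
        elif base.endswith("/"):
            findings.append("Base URL has a trailing slash")

    if not idp.get("enabled", False):
        findings.append("provider is still Disabled")
    return findings


def audit(export_json):
    """Map each provider alias in a JSON list of provider dicts to its findings."""
    return {p.get("alias", "<no alias>"): check_idp(p) for p in json.loads(export_json)}


# Constructed sample: one correct provider and two with typical mistakes.
SAMPLE_EXPORT = json.dumps([
    {"alias": "github", "enabled": True, "storeToken": True, "trustEmail": True,
     "firstBrokerLoginFlowAlias": "first broker login",
     "config": {"defaultScope": "read:user user:email repo", "syncMode": "IMPORT"}},
    {"alias": "gitlab", "enabled": True, "storeToken": True, "trustEmail": False,
     "firstBrokerLoginFlowAlias": "first broker login",
     "config": {"defaultScope":
                "profile,email,read_user,write_repository,read_repository,openid,api",
                "syncMode": "IMPORT"}},
    {"alias": "bitbucket-server", "enabled": False, "storeToken": True, "trustEmail": True,
     "firstBrokerLoginFlowAlias": "first broker login",
     "config": {"defaultScope": "PUBLIC_REPOS REPO_READ REPO_WRITE REPO_ADMIN",
                "baseUrl": "https://bitbucket.example.internal/",
                "syncMode": "IMPORT"}},
])

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_EXPORT).items():
        print(name, "OK" if not problems else problems)
```
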

Disable Identity Provider

In this section, we will walk you through how to disable an identity provider on Keycloak for your Daytona installation.

  1. Sign into Keycloak
  • Go to https://id.domain.com in the browser and click on Administration Console, then sign in with the credentials you’ve obtained while installing Daytona.
  1. Select Identity Providers on the Default Realm
  • Once you sign in, confirm on the top left corner of the page that you are on the default realm. Select Identity providers under the Configure section.
  1. Toggle Disable
  • On the Identity providers page, click on the identity provider you wish to disable. You will then be directed to the Identity providers > Provider details > selected-identity-provider page. On the top right side of the configuration page, toggle Enabled to Disabled.

Delete Identity Provider on Keycloak


  1. Select Identity Providers on Keycloak
  • Go to https://id.domain.com in the browser and click on Administration Console, then sign in with the credentials you’ve obtained while installing Daytona. Once you sign in, confirm that you are on the default realm. Select Identity providers under the Configure section.
  1. Select Delete
  • Once you are on the identity provider page, find your selected identity provider and click on the three dots ... button. On the dropdown menu select Delete.