IDPs Installation
To enable Identity Providers (IDPs) in your Daytona installation, we integrate Keycloak, an open-source identity and access management solution. Keycloak facilitates the addition of multiple IDPs, allowing users to authenticate to the Daytona dashboard through various identity providers.
This setup enables the creation of Workspaces from different Git Providers, and allows for the management of access scopes, permissions, sessions, and events. Additionally, Daytona provides tools to monitor and manage user activities within your organization.
This guide provides instructions on how to add, manage, configure, and disable Identity Providers (IDPs) using Keycloak.
Prerequisites
To configure and manage identity providers for your Daytona installation, ensure the following prerequisites are met:
-
Daytona Installation
Download and install Daytona on your infrastructure. Upon completion, you will receive a URL to access your Daytona dashboard. During the Daytona installation, credentials for accessing Keycloak via the Administration Console (username or email and password) will be provided.
-
Keycloak URL
Access the Keycloak URL provided during the Daytona installation.
-
Registered Account with a Supported IDP:
Ensure you have a registered account with one of the supported identity providers. Supported IDPs include Github, Gitlab, Bitbucket, Github Enterprise Server, Gitlab On-Premise, Bitbucket server, Google, Microsoft and many more.
Github
In this section, we will guide you through the process of configuring GitHub as an identity provider for your Daytona installation. This guide applies only if GitHub was not configured as an identity provider during the initial Daytona installation.
Configure Github in Keycloak
- Log into Keycloak
- Open
https://id.domain.com
and selectAdministration Console
on the front page. - Sign in using the credentials provided during the installation process (assuming you have met all the prerequisites).
- Default Realm
- After you sign in, make sure you are on the
default
realm. - If you are not on the default realm (the home page shows scattered information with Server information and the title master realm), select
default
under the dropdown menu on the top left side of the home page.
- Configure GitHub as an Identity Provider
- Under the default realm, click on
Identity Providers
under the Configure section on the left sidebar. - Then click on
github
. On the next page, copy theRedirect URI
and note it down, as we will need it later. Don’t close this tab.
- Go to Developer Settings
- Open Github in your browser, on the top right side of this page, click on your profile picture. Under the dropdown window, select
Settings
(at the bottom). SelectDeveloper setting
s on the left sidebar.
- Create OAuth Apps
- Select the
OAuth Apps
on the left sidebar. Then click onNew OAuth App
on the top right side.
- Required Inputs for GitHub OAuth
- For the application name, you can name it as easily recognizable for yourself and distinguish it from your other applications (recommend using deployed domain).
- The
Homepage URL
would be the URL to your Daytona dashboard. - The
Authorization callback URL
is the URL you have copied from step 2,Redirect URI
. You don’t need to toggleEnable Device Flow
here. Then click onRegister application
.
- Copy Client ID and Secrets
- Under your application, click on the
Generate a new client secret
in the Client secrets section. - Copy the
credentials under Client ID
and paste it into your Keycloak Provider details page in the Client ID section. - Go back to the Github OAuth Application page, copy the
credentials under the Client secrets
section, and then paste it into Client Secret on your Keycloak Provider details page.
- Advance Settings on Keycloak
- On Keycloak’s Provider details page, copy and paste the following text into the field
Scopes
under theAdvanced settings
:
- These three scopes will allow users to sign in via email, read GitHub users’ information, and access signed-in users’ repositories to gain read, write, and admin rights.
- Toggle the fields
Store tokens
andTrust Email
to turn them on. You can compare your information to the table below to make sure the details are correctly configured.- If you want to type in scopes by yourself, remember to use Space ␣ to separate different scopes and not comma ,.
- Save and Enable GitHub
- After inputting all the information, click on
Save
at the bottom of Keycloak’s Provider details page, then toggle Disabled on the top right side of the page to change it toEnabled
.
Github and Keycloak configuration details
Github VS. Keycloak | Github OAuth App | Keycloak Provider Details |
---|---|---|
URL | Authorization callback URL | Redirect URI |
ID | Client ID | Client ID |
Secrets | Client secrets | Client Secret |
Scopes | No extra configuration required | read:user user:email repo |
Keycloak Advance Settings | Details |
---|---|
Store tokens | On |
Accepts prompt=none forward from client | Off |
Disable user info | Off |
Trust Email | On |
Hide on login page | Off |
Verify essential claim | Off |
First login flow (dropdown) | first broker login |
Post login flow | None |
Sync mode | Import |
Confirm Github is Working
-
To confirm Github is working properly with Daytona, refer to the Git Provider section to see if you can create a Workspace based on the repository in Github.
-
If you open your Daytona dashboard URL, you should see the button
Github
on the sign-in page. If not, scan through the table above and confirm if all the input information is correct.
GitLab
If you choose another identity provider during the installation stage, you can still configure GitLab as an add-on identity provider. In this section, we will explain how you can do so. You will need to have a GitLab account.
Configure GitLab in Keycloak
- Log into GitLab
- Sign into Gitlab. After signing in, click on your profile picture on the top of the left sidebar. Under the dropdown menu, select
Preferences
.
- Create OAuth Application
- Click on
Applications
on the left sidebar. Then, click onAdd new application
.
- Default realm
-
Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section. After you sign in, make sure you are on the
default realm
. -
You should see the homepage show Welcome to default at the center of the screen. If not (the homepage shows scattered information with Server info with the title master realm), select
default
under the dropdown menu on the top left side of the homepage.
- Configure GitLab as Identity Provider
- Click on
Identity Providers
under the Configure section on the left sidebar. - Click on
gitlab
. - On the next page copy the
Redirect URI
. Don’t close this tab.
- GitLab application configuration
- Go back to GitLab (you should be on the page
Add new application
). - The
Name
of your application should be recognizable to yourself. - The field
Redirect URI
is theRedirect URI
you have copied from the last step. - Toggle the
Confidential
under theRedirect URI
field. - Under the scope, toggle
api
,read_api
,read_user
,read_repository
,openid
,write_repository
,profile
, andemail
. Then click onSave application
. If you are unsure about the settings underScope
in GitLab, you can refer to the table below to make sure the settings are correct.
- Copy Application ID and Secret
- Copy the
Application ID
and paste it into your Keycloak’s Provider details page in the Client ID field - Copy the
Secret
field and paste it into the Client Secret field. - Click on
Continue
on GitLab’s application page.
- Configure Keycloak
- Navigate back to Keycloak’s Provider details page for GitLab (at this stage you have filled in
Client ID
andClient Secret
), copy the following value into theScopes
field under the Advanced settings section:
- These scopes will allow your Daytona installation to access the signed-in user’s profile, email, and respective repository(allow Daytona to create Workspace), use OpenID to authenticate users during sign-in, read and access GitLab’s API to work with Workspaces.
- Toggle the fields
Store tokens
andTrust Email
to turn them on. You can compare your information to the table below to make sure the details are correctly configured.- If you want to type in scopes by yourself, remember to use Space ␣ to separate different scopes instead of a comma ,.
- Enable GitLab
- After finishing the above steps, on Keycloak, click
Save
at the bottom of the page (on Keycloak), and then enable the identity provider (toggle the Disabled switch on the top right side of the page toEnabled
).
Gitlab and Keycloak configuration details
Gitlab VS. Keycloak | Gitlab Application | Keycloak Provider Details |
---|---|---|
URL | Callback URL | Redirect URI |
ID | Application ID | Client ID |
Secrets | Secret | Client Secret |
Scopes |
| profile email read_user write_repository read_repository openid api read_api |
Keycloak Advance Settings | Details |
---|---|
Store tokens | On |
Accepts prompt=none forward from client | Off |
Disable user info | Off |
Trust Email | On |
Hide on login page | Off |
Verify essential claim | Off |
First login flow (dropdown) | first broker login |
Post login flow | None |
Sync mode | Import |
Confirm GitLab is Working
You can refer to the Git Provider section to see if you can create a Workspace based on the repository in GitLab to confirm GitLab is working properly with Daytona.
Bitbucket
In this section, we will guide you through how to configure Bitbucket as your add-on identity provider if you haven’t done so during the installation process. You will need a registered account and a Workspace connected to that account on Bitbucket.
Configure Bitbucket in Keycloak
- Create OAuth Consumer on Bitbucket
- You can sign into Bitbucket with this link. After you sign in, click on the settings button on the top right, then in the dropdown menu select Workspace settings.
- Scroll down and find APPS AND FEATURES section in the left sidebar. Under this section, click on
OAuth consumers
and then click onAdd consumer
on this page.
- Default Realm in Keycloak
- Open
https://id.domain.com
and click onAdministration Console
on the front page, then sign in with the credentials you obtained from your installation. - After you sign in, make sure you are on the
default realm
. - You should see the homepage show Welcome to default at the center of the screen. If not (the home page shows scattered information with Server info with the title master realm), you can select
default
under the dropdown menu on the top left side of the home page.
- Configure Bitbucket as an Identity Provider
- Click on
Identity Providers
under the Configure section on the left sidebar - Click on
bitbucket
. - Copy the
Redirect URI
and note it down, as we will need it later. Don’t close this tab.
- Configure OAuth consumer
- Navigate back to Bitbucket, on the Add OAuth consumer page, give your application a distinguishable name in the
Name
field (required, example:daytona-domain-name
) - Paste the
Redirect URI
from the previous step into theCallback URL
field. - The
URL
field will be your Daytona dashboard URL. - You can leave the
Privacy policy URL
andEnd user license agreement URL
empty. Make sure not to toggleThis is a private consumer
. Your configuration will fail if you enable this.
- Permissions Scopes in Bitbucket
- Under the Permissions section on the same page, tick the permission scope:
- Account:
Read
- Workspace membership:
Read
,Write
- Projects:
Read
,Write
,Admin
- Repositories:
Read
,Write
,Admin
- Pull requests:
Read
- Click
Save
at the bottom. - If you are unsure about the settings under
Permissions
in Bitbucket, you can refer to the table below to make sure the settings are correct.
- Copy Key and Secret
- After clicking on
Save
, you will be sent back to the OAuth consumers page in Bitbucket. Click on the application name you just created on Bitbucket’s Workspace settings/OAuth consumers page. - Copy the value after
Key
on Bitbucket and paste it into Keycloak’s Client ID field. - Copy the value after
Secret
on Bitbucket and paste it into Keycloak’s Client Secret field.
- Configure Keycloak
- Under the Advance settings section, copy and paste the following value into the field
Scope
:
- These permission scopes will allow us to access authenticated users’ email, account details, and project-related information and gain write access to repositories to create a Workspace.
- Enable Bitbucket
- After finishing the above steps, on Keycloak, click
Save
at the bottom, and thenEnabled
the identity provider (toggle the Disabled switch on the top right side on the page).
Confirm Bitbucket is Working
After you finish all the configuration, you can refer to the BitBucket section in Git Providers guide and visit your Daytona dashboard to confirm the configuration is correct and working properly.
BitBucket and Keycloak configuration details
BitBucket VS. Keycloak | BitBucket OAuth Consumer | Keycloak Provider Details |
---|---|---|
URL | Callback URL | Redirect URI |
ID | Key | Client ID |
Secrets | Secret | Client Secret |
Permission scope |
| email account repository:write project |
Keycloak Advance Settings | Details |
---|---|
Store tokens | On |
Accepts prompt=none forward from client | Off |
Disable user info | Off |
Trust Email | On |
Hide on login page | Off |
Verify essential claim | Off |
First login flow (dropdown) | first broker login |
Post login flow | None |
Sync mode | Import |
These permissions will allow Daytona to authenticate users, access users’ Workspace membership, find team members, and access users’ repositories to create Workspaces.
Github Enterprise
This section will illustrate how to configure Github Enterprise as an identity provider for your Daytona installation. You will need an active deployment of Github Enterprise version and a registered account.
Configure Github Enterprise in Keycloak
- Create OAuth Application on Github Enterprise
- Open your Github Enterprise domain URL in the browser and log in, click on your
profile picture
on the top right side of the page. - Under the dropdown menu, select
Settings
. - Scroll down and find
Developer settings
on the left sidebar, click onOAuth Apps
on the left and thenNew OAuth App
on the top right side of the page. Don’t close this tab.
- Log into Default Realm in Keycloak
- Open
https://id.domain.com
and click onAdministration Console
on the front page, then sign in with the credentials you obtained from your installation. - After you sign in, make sure you are on the
default realm
. - You should see the homepage show Welcome to default at the center of the screen. If not (the home page shows scattered information with Server info with the title master realm), you can select
default
under the dropdown menu on the top left side of the home page.
- Configure Bitbucket as an Identity Providers
- Click on
Identity Providers
under the Configure section on the left sidebar - Then click on
bitbucket
. - Copy the
Redirect URI
and note it down, as we will need it later. Don’t close this tab.
- Configure OAuth Application on Github Enterprise
- Go back to Github Enterprise, on the Register a new OAuth application page, fill in the following information:
- The
Application name
would be something recognizable to yourself. Recommend using your domain name. - The
Homepage URL
would be your Daytona dashboard URL. - The
Authorization callback URL
is the Redirect URI you have copied from the previous step. - You don’t need to toggle
Enable Device Flow
here. Then click on **Register application
**.
- Copy Client ID and Secrets
- Under your application, click on the
Generate a new client secret
in the Client secrets section. - Copy the
credentials under Client ID
and paste it into your Keycloak Provider details page in the Client ID section. - Go back to the Github Enterprise OAuth Application page, copy the
credentials under the Client secrets
section, and then paste it into Client Secret on your Keycloak. - ! important: At the
Base URL
input field in Keycloak, paste your Github Enterprise URL (the dashboard URL where it is deployed, no trailing slash at the end).
- Configure Scopes in Keycloak
- Under the Advance settings section, copy and paste the following value into the field
Scope
:
- These permission scopes will allow us to access authenticated users’ email, account details, and access signed-in users’ repositories to gain read, write, and admin rights.
- Toggle the fields
Store tokens
andTrust Email
to turn them on. You can compare your information to the table below to make sure the details are correctly configured.- If you want to type in scopes by yourself, remember to use
Space ␣
to separate different scopes instead of a comma,
.
- Enable Github Enterprise
- After finishing the above steps, on Keycloak, click
Save
at the bottom of the page (on Keycloak), and then enable the identity provider (toggle the Disabled switch on the top right side on the page).
Github Enterprise and Keycloak configuration details
Github Enterprise VS. Keycloak | Github OAuth App | Keycloak Provider Details |
---|---|---|
URL | Authorization callback URL | Redirect URI |
ID | Client ID | Client ID |
Secrets | Client secrets | Client Secret |
Scopes | No extra configuration required | read:user user:email repo |
Keycloak Settings | Details |
---|---|
Base URL | Github Enterprise deployment URL |
Store tokens | On |
Accepts prompt=none forward from client | Off |
Disable user info | Off |
Trust Email | On |
Hide on login page | Off |
Verify essential claim | Off |
First login flow (dropdown) | first broker login |
Post login flow | None |
Sync mode | Import |
Confirm Github Enterprise is Working
- To confirm Github Enterprise is working properly with Daytona, refer to the Git Provider section to see if you can create a Workspace based on the repository in Github Enterprise.
Bitbucket Server
If you or your organization deployed BitBucket Server as your Git provider and want to use it as an identity provider for your Daytona installation, you can follow the steps below to configure it. To complete this guide, you will need an active deployment of BitBucket Server and a registered account on your BitBucket Server.
Configure Bitbucket Server in Keycloak
- Log into default realm in Keycloack
- Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section.
- After you sign in, make sure you are on the
default realm
. You should see the homepage show Welcome to default at the center of the screen. - If not (the homepage shows scattered information with Server info with the title master realm), you can select
default
under the dropdown menu on the top left side of the homepage.
- Obtain redirect URL
- Under the default realm, click on
Identity Providers
under the Configure section on the left sidebar. - Then click on
bitbucket-server
(should be labeled withdisabled
at the moment). - On the next page,
Provider details
, copy theRedirect URI
and note it down, as we will need it later. Don’t close this tab.
- Create OAuth Application
- Open your Bitbucket Server dashboard in the browser. On the top right side of the page, click on the settings button (with a gear icon).
- Then click on
Application Links
under the SYSTEM section on the left sidebar (under Application Navigator). - Click on
Create link
on the top right side of the Application links page. - Select
External application
under Application type. - Under the Direction section, select Incoming.
- Click on
Continue
.
- Configure Application in Bitbucket Server
- For the
application name
, we recommend using your Daytona deploy domain for easy recognition. - Under Application details, paste the Redirect URI you have copied from the previous step (from the Keycloak dashboard) into the
Redirect URL
field. - Under Application permission, select Read and Write under Repositories.
- Then click on
Save
at the bottom.
- Configure Keycloak
- Copy and paste the Client ID from Bitbucket into the
Client ID
field on Keycloak’s Provider details page. - Copy and paste the Client secret into the
Client Secret
field on Keycloak. - ! important: At the
Base URL
input field in Keycloak, paste your Bitbucket Server URL (the dashboard URL where it is deployed, no trailing slash at the end).
- Configure Scopes in Keycloak
- Under the Advance settings section, copy and paste the following value into the field
Scope
:
If you are unsure about the settings under Advance settings in Keycloak, you can refer to the table below to make sure the settings are correct. These permission scopes will allow us to access authenticated users’ repositories to create a Workspace (without destructive behavior).
- Enable Bitbucket Server
- After finishing the above steps, on Keycloak, click
Save
at the bottom, and then enable the identity provider (toggle the Disabled switch on the top right side of the page toEnabled
).
BitBucket server and Keycloak configuration details
BitBucket Server VS. Keycloak | BitBucket Server | Keycloak Provider Details |
---|---|---|
URL | Redirect URL | Redirect URI |
ID | Client ID | Client ID |
Secrets | Client secret | Client Secret |
Scopes |
| PUBLIC_REPOS REPO_READ REPO_WRITE |
Keycloak Advance Settings | Details |
---|---|
Store tokens | On |
Accepts prompt=none forward from client | Off |
Disable user info | Off |
Trust Email | On |
Hide on login page | Off |
Verify essential claim | Off |
First login flow (dropdown) | first broker login |
Post login flow | None |
Sync mode | Import |
Confirm Bitbucket Server is Working
After you finish all the configuration, you can refer to the Bitbucket Server section in Git Providers guide and visit your Daytona dashboard to confirm the configuration is correct and working properly.
In the section below we will guide you how to configure Google as an identity provider for your Daytona installation. You will need a registered Google cloud account, or a Google account associated with a Google cloud account.
Configure Google in Keycloak
- Log into default realm in Keycloak
- Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section.
- After you sign in, make sure you are on the
default realm
. You should see the homepage show Welcome to default at the center of the screen. - If not (the homepage shows scattered information with Server info with the title master realm), you can select
default
under the dropdown menu on the top left side of the homepage.
- Obtain Redirect URL
- Under the default realm, click on
Identity Providers
under the Configure section on the left sidebar. - Then click on
google
(should be labeled withdisabled
at the moment). - On the next page, Provider details, copy the
Redirect URI
and note it down, as we will need it later. Don’t close this tab.
- Configure OAuth Consent Screen in Google Cloud
- Sign in to your Google Cloud console’s
APIs and services
with this link. Or on your Google Cloud console, click on the hamburger menu on the top left side of the page, then selectAPIs and services
. - Click on
OAuth consent screen
on the left side of the page and selectExternal
in User Type. Click onCREATE
. - For
App name
, we recommend using your Daytona deploy domain for easy recognition. - For
User support email
, use your IT support email (internal). It is for users to contact you with question about their consent. - You can skip filling in all information except Developer contact information. You can input multiple ones for Google to notify you about any changes to your project. Then SAVE AND CONTINUE
- Add scopes to Permissions
- On the next page, click on
ADD OR REMOVE SCOPES
. - Search for
email
,profile
andopenid
and select below values:
- Click on
UPDATE
. and thenSAVE AND CONTINUE
on the main page. - You can add
Test users
based on your needs. During testing stage only testing user would be able to access the authenticated application. Click onSAVE AND CONTINUE
to continue. - On the summary page, click on
BACK TO DASHBOARD
.
- Create Credentials
- On the left click
Credentials
and then on the top click+ CREATE CREDENTIALS
. - Select
OAuth client ID
and selectWeb application
as the application type. - Use a name you can correlate to the OAuth application you created for the
Name
field. - Under Authorized redirect URI, paste the Redirect URI you have copied from the previous step (from the Keycloak dashboard) into the
Authorized redirect URIs
field. - Then click on
CREATE
.
- Configure Keycloak
- Copy the
Client ID
and paste it into your Keycloak Provider details page in the Client ID section. - Copy the
Client secret
and paste it into your Keycloak Provider details page in the Client Secret section. Don’t close this tab. - You can (and should) download the JSON file and keep it somewhere safe for future reference.
- Under Advance settings*, copy and paste the following value into the field Scope:
- These permission scopes will allow us to access authenticated users’ email and authenticate account details.
- Toggle the fields Store tokens and Trust Email to turn them on. You can compare your information to the table below to make sure the details are correctly configured.
- On the top right side of the page, toggle the Disabled switch to Enabled.
- Publish your OAuth Application
- Navigate back to Google Cloud console, on the left side of the page, click on
OAuth consent screen
. - Click on
PUBLISH APP
.
Google OAuth and Keycloak configuration details
Google VS. Keycloak | Google OAuth | Keycloak Provider Details |
---|---|---|
URL | Authorized redirect URI | Redirect URI |
ID | Client ID | Client ID |
Secrets | Client secret | Client Secret |
Scopes |
| openid profile email |
Keycloak Advance Settings | Details |
---|---|
Store tokens | On |
Accepts prompt=none forward from client | Off |
Disable user info | Off |
Trust Email | On |
Hide on login page | Off |
Verify essential claim | Off |
First login flow (dropdown) | first broker login |
Post login flow | None |
Sync mode | Import |
Confirm Google is Working
You can now open your Daytona dashboard on the browser and try to sign in with your Google account.
Azure Active Directory (now Microsoft Entra ID)
The following section will guide you through how to configure Azure as an identity provider for your Daytona installation. You will need a registered Azure account associated with a registered Microsoft Azure tenant. We assume you are familiar with Azure interface and have experience interacting with it.
Configure Azure Active Directory in Keycloak
- Log into Default Realm in Keycloak
- Log into your Keycloak’s Administration with credentials you obtained from the prerequisites section.
- After you sign in, make sure you are on the
default realm
. You should see the homepage show Welcome to default at the center of the screen. - If not (the homepage shows scattered information with Server info with the title master realm), you can select
default
under the dropdown menu on the top left side of the homepage.
- Obtain Redirect URL
- Under the default realm, click on
Identity Providers
under the Configure section on the left sidebar. - Click on
azure
(should be labeled withdisabled
at the moment). - On the next page, Provider details, copy the
Redirect URI
and note it down, as we will need it later. Don’t close this tab.
- Register an Application in Azure
- Sign in to your Azure portal with this link. Or on your Azure portal, search for App registrations and then click on
New registration
. - For
Name
, we recommend using your Daytona deploy domain for easy recognition. - For
Supported account types
, you can choose an option based on your organization needs. If you often have external contractors, selectAccounts in any organizational directory
. - Under the Redirect URI section, select
Web
and paste the Redirect URI you have copied from the previous step (from the Keycloak dashboard) into theRedirect URI
input field. - Click on
Register
.
- Copy Client ID and Secrets
- You will then be redirected to the overview page of your application.
- Copy the
Application (client) ID
and paste it into your Keycloak Provider details page in the Client ID section. - Under Certificates & secrets, click on
New client secret
. Copy theValue
and paste it into your Keycloak Provider details page in the Client Secret section.
- Configure Keycloak
- Under Advance settings, copy and paste the following value into the field
Scope
:
- These permission scopes will allow us to access authenticated users’ email, account details, and authenticate users via their Azure account or Microsoft account.
- Toggle the fields
Store tokens
andTrust Email
to turn them on. You can compare your information to the table below to make sure the details are correctly configured. - Click
Save
. - On the top right side of the page, toggle the Disabled switch to
Enabled
.
Azure and Keycloak configuration details
Azure VS. Keycloak | Azure | Keycloak Provider Details |
---|---|---|
URL | Redirect URI | Redirect URI |
ID | Application (client) ID | Client ID |
Secrets | Value (in Credentials in secrets) | Client Secret |
Scopes |
| openid profile email user.read |
Keycloak Advance Settings | Details |
---|---|
Store tokens | On |
Accepts prompt=none forward from client | Off |
Disable user info | Off |
Trust Email | On |
Hide on login page | Off |
Verify essential claim | Off |
First login flow (dropdown) | first broker login |
Post login flow | None |
Sync mode | Import |
Confirm Azure is Working
You can now open your Daytona dashboard on the browser and try to sign in with your Azure/Microsoft account.
Disable Identity Provider
In this section, we will walk you through how to disable an identity provider on Keycloak for your Daytona installation.
- Sign into Keycloak
- Go onto
https://id.domain.com
in the browser and click onAdministration Console
, then sign in with the credentials you’ve obtained while installing Daytona.
- Select Identity Providers on the Default Realm
- Once you sign in, confirm on the top left corner of the page that you are on the
default
realm. SelectIdentity providers
under the Configure section.
- Toggle Disable
- On the Identity providers page, click on the identity provider you wish to disable. You will then be directed to the Identity providers > Provider details > selected-identity-provider page. On the top right side of the configuration page, toggle Enabled to
Disabled
.
Delete Identity Provider on Keycloak
- Select Identity Providers on Keycloak
- Go onto
https://id.domain.com
in the browser and click onAdministration Console
, then sign in with the credentials you’ve obtained while installing Daytona. Once you sign in, confirm that you are on thedefault
realm. SelectIdentity providers
under the Configure section.
- Select Delete
- Once you are on the identity provider page, find your selected identity provider and click on the three dots
...
button. On the dropdown menu selectDelete
.