1210 - How to set up an Identity Management System (IMS) from the Control Centre

On the Control Centre home page, click on the gear (Settings) icon at the top right.

Select your identity provider from the list on the left and continue based on your selection.

• Microsoft Azure Active Directory
• Google
• Other

Microsoft Azure Active Directory

When you select Microsoft Azure Active Directory as the identity provider you want to set up, you will be prompted for the following information:

To obtain this information:

1. Log into the Microsoft Azure portal.
2. Choose Azure Active Directory in the sidebar on the left.
   
   
   At the top of the page you will see your domain name as registered with Microsoft (e.g. enterprise.com). Copy and paste this into the Tenant Domain field in the Control Centre form.
3. Go to App Registrations.
   
   
4. Click on New registration.
   
   
5. Enter a user-friendly name to identify the app, e.g. Redstor Control Centre.
6. Under Supported account types, select the first option (Accounts in this organizational directory only).
7. Under Redirect URI (optional), select Web and enter the URI provided above the setup form in the Control Centre.
   
   
    
   Click Register.
8. Copy the application ID that is generated. Copy and paste this into the Client ID field in the Control Centre form.
9. Add a password by going to Settings > Keys > Password. Copy and paste this into the Client Secret field in the Control Centre form.

To complete the setup process in the Control Centre, leave the Extra Options field blank and click Submit.

For more help, see this guide.

Google

When you select Google Cloud as the identity provider you want to set up, you will be prompted for the following information:

To obtain this information:

1. Log into the Google Cloud Platform.
2. Go to Select a project > New project.
3. Enter a name and location for the project and click Create.
4. Click on OAuth consent screen and provide the required details.
5. Click on Credentials and select OAuth client ID.
6. Under Application type, select Web application.
7. Supply a user-friendly name to identify the app, e.g. Redstor Control Centre.
8. In the Authorised redirect URIs field, enter the URI provided above the setup form in the Control Centre.
   
   
   
   Click Create.
9. A Client ID and Client Secret will be generated - copy and paste these into the Control Centre form.

To complete the setup process in the Control Centre, enter access_type=offline,prompt=consent in in the Extra Options field. Then click Submit.

For more help, see this guide. 

Other

We currently only support Keycloak as an alternative to Microsoft and Google. To set up Keycloak as your identity provider, follow the steps below.

In the Control Centre, when you select Other as your identity provider, you will be prompted for the following information:

To obtain this information:

1. Log into the Keycloak Admin Console.
2. In the Master drop-down menu, click Add Realm. Enter a name and click Create.
3. (optional) Configure the Realm's Token settings (token expiry, timeouts, etc.).
4. Go to Clients > Add Client. Copy and paste the Client ID you create here into the Control Centre form. Select openid-connect as the Client Protocol and click Save.
5. In the Settings tab, choose confidential as the Access Type to expose the Client Secret in a new Client > Credentials tab. Copy and paste this Client Secret into the Control Centre form.
6. Enable Standard Flow and disable Implicit Flow.
7. Use the wildcard * for Valid Redirect URIs.
8. Use https://{KEYCLOAK_DOMAIN}/auth/realms/{REALM_ID}/.well-known/openid-configuration as the Discovery URI in the Control Centre form.

To complete the setup process in the Control Centre, leave the Extra Options field blank and click Submit.