Keycloak Config

Introduction

Diffgram is well integrated with KeyCloak. You can use your existing Keycloak installation or host your own.

Keycloak:

  • Keycloak can also authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers.
  • Keycloak has built-in support to connect to existing LDAP or Active Directory servers.

If you already have an existing installation of KeyCloak you can be up and running in moments with a default configuration.

Use Cases

  • Identity Platform Integration
  • Seperate user permission and resource usage concerns

For example, if you have files and tasks that are associated with a specific object, such as a customer of yours. For example some files may contain Personally Identifiable Information (PII). You may already have configured user roles and scopes regarding who can access these resources. Your data science team, and compute resources may have different requirements. This allows you to cross-cut concerns and shape appropriate machine learning projects, like "improve ABC" while maintaining the highest level of per file per user Authorization.

DataLake Example

When using Diffgram as your DataLake for Training Data you can maintain existing permission concepts by including metadata on files. This means your existing governance structure can live alongside your data. As predictions, new data, annotations, etc. flow in, the data catalog grows. Files are used, organized and curated while seamlessly maintaining compliance concerns.

Process for Existing KeyCloak Installation

Setup Docs

Composite Roles

If you already have roles, such as Manager or CEO in your company, you can extend those roles with Diffgram client roles. This reduces having to add roles for each user.

  1. Go to Roles
  2. Select Role
  3. Composite Roles
  4. Client Roles, Diffgram
  5. Add desired Role.

Adding Roles Directly to a User

  1. Go to Users
  2. Go to Desired User
  3. On a User, go to Role Mappings Tab
  4. Add Client Roles, Diffgram
  5. Add Desired Roles for example Editor, admin

Did this page help you?