CISO Assistant
© intuitem, 2018-2024

Keycloak

Configure Keycloak as an Identity Provider for CISO Assistant


Last updated 8 months ago


If Keycloak and CISO Assistant are both deployed locally with Docker, you'll need to make sure that both containers can communicate with each other. You can do this with a bridge network.

Go into your Keycloak admin console:

  1. Open the sidebar menu > Clients and click Create client

  2. Choose the SAML client type and name it ciso-assistant, or use your custom SP Entity ID

  3. Set Home URL to your <base_url> and Valid redirect URIs to <backend_url/*>

    If you have problems configuring these URLs, you can ask for help on Discord or by mailing us

  4. Go into Keys and disable Signing keys config

  5. Go into Advanced and set the ACS field to <backend_url/api/accounts/saml/0/acs/> (on a cloud instance it is simply <base_url/api/accounts/saml/0/acs/>)

  6. Go to Client scopes and click on ciso-assistant-dedicated

  7. Add a predefined mapper and check all X500 ones

  8. Click on X500 surname and replace the SAML Attribute name with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

  9. Click on X500 givenName and replace the SAML Attribute name with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

  10. Go into Realm settings > General, where you will find the Metadata URL

  11. You'll find the Entity ID inside the Metadata URL

Adding a user in your application doesn't automatically create the user in CISO Assistant.

You can now configure CISO Assistant with the 3 parameters you've retrieved.
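
To check the values from steps 8 to 11 before entering them, the following added example (not part of the CISO Assistant documentation or code) reads the Entity ID and SSO endpoints out of IdP metadata and reports which of the two claim attribute names an assertion is missing. The sample documents, host name and realm are constructed, the function names are hypothetical, and the script inspects names only; it does not verify SAML signatures.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {CLAIMS + "surname", CLAIMS + "givenname"}  # names set in steps 8 and 9

def _parse(xml_text):
    # SAML documents never need a DTD; refusing one blocks entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found, refusing to parse")
    return ET.fromstring(xml_text)

def idp_settings(metadata_xml):
    """Return the Entity ID and SSO endpoints declared in IdP metadata."""
    root = _parse(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        root = root.find("md:EntityDescriptor", NS)  # wrapped in EntitiesDescriptor
    if root is None or not root.get("entityID"):
        raise ValueError("no EntityDescriptor with an entityID")
    sso = [((e.get("Binding") or "").rsplit(":", 1)[-1], e.get("Location"))
           for e in root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"), "sso": sso}

def missing_attributes(assertion_xml):
    """List required attribute names absent from an assertion's attributes."""
    root = _parse(assertion_xml)
    sent = {a.get("Name") for a in root.iter("{%s}Attribute" % NS["saml"])}
    return sorted(REQUIRED - sent)

# Constructed sample data (hypothetical host and realm), not real Keycloak output.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://keycloak.example/realms/demo">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keycloak.example/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
# givenName mapper left on an OID-style name, i.e. step 9 was skipped (constructed).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
    <saml:Attribute Name="urn:oid:2.5.4.42"/>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(idp_settings(SAMPLE_METADATA))
    print("missing:", missing_attributes(SAMPLE_ASSERTION))
```
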
