Setting up SSO¶
Libredesk supports external OpenID Connect providers (e.g., Google, Keycloak) for signing in users.
Note
User accounts must be created in Libredesk manually; signup is not supported.
Generic Configuration Steps¶
Since each provider’s configuration might differ, consult your provider’s documentation for any additional or divergent settings.
-
Provider setup:
In your provider’s admin console, create a new OpenID Connect application/client. Retrieve:- Client ID
- Client Secret
-
Libredesk configuration: In Libredesk, navigate to Security > SSO and click New SSO and enter the following details:
- Provider URL (e.g., the URL of your OpenID provider)
- Client ID
- Client Secret
- A descriptive name for the connection
-
Redirect URL:
After saving, copy the generated Callback URL from Libredesk and add it as a valid redirect URI in your provider’s client settings.
Provider Examples¶
Keycloak¶
-
Log in to your Keycloak Admin Console.
-
In Keycloak, navigate to Clients and click Create:
- Client ID (e.g.,
libredesk-app) - Client Protocol:
openid-connect - Root URL and Web Origins: your app domain (e.g.,
https://ticket.example.com) - Under Authentication flow, uncheck everything except the standard flow
- Click save
- Client ID (e.g.,
-
Go to the credentials tab:
- Ensure client authenticator is set to
Client Id and Secret - Note down the generated client secret
- Ensure client authenticator is set to
-
In Libredesk, go to Admin > Security > SSO and click New SSO:
- Provider URL (e.g.,
https://keycloak.example.com/realms/yourrealm) - Name (e.g.,
Keycloak) - Client ID
- Client secret
- Click save
- Provider URL (e.g.,
-
After saving, click on the three dots and choose Edit to open the new SSO entry.
-
Copy the generated Callback URL from Libredesk.
-
Back in Keycloak, edit the client and add the Callback URL to Valid Redirect URIs:
- e.g.,
https://ticket.example.com/api/v1/oidc/1/finish
- e.g.,