Prerequisites

1. User Authorization is based on RIVO organization structure. Therefore, users should be defined in RIVO by the organization Administrator before attempting to login by SSO.

2. To login RIVO using the external Azure Entra ID, please access the system via “Use single sign-on” link. RIVO internal Authentication is available and can be used based on customer preferences 

   Initial setup

   Keycloak idp Provider

1.Login into Keycloak, go to Identity Providers, select the required provider from the combobox

2.It is required to set Alias value equal to the domain name of the user’s email address. In the examples in this article  the Alias value will be gmail.com, that is convenient for demo purposes.

4.Add Identity provider

Copy the generated value of Redirect URI and paste it into Service Provider Entity ID field, which is located below in Keycloak IdP provider page.

The value of value of Redirect URI should be sent to the owner of the IdP.

Also send to the owner of the IdP RIVO logout URL, which is specufic for RIVO environment, e.g.:

https://kc.sandbox.rivo.trade/users/api/v1/logoutSso