Connect SSO

After configuring the main parameters, set variables required for SSO connection.

For AUTH_METHOD = azure

  • AZURE_AUTHORIZATION_URL — authorization endpoint URL. Example: https://login.microsoftonline.com/HohLpGvI.../oauth2/v2.0/authorize

  • AZURE_TOKEN_URL — token endpoint URL. Example: https://login.microsoftonline.com/HohLpGvI.../oauth2/v2.0/token

  • AZURE_API_URL — API information endpoint URL. Example: https://graph.microsoft.com/v1.0

  • AZURE_CLIENT_ID — application ID in Azure. Example: 0FYSAWm1A-1x4k-e14H-0LHe-gf6qwElcYuz

  • AZURE_CLIENT_SECRET — application secret in Azure. Example: rY3yh*suIebMk^k0KGoi3azsIBP&FY@odQsgFVdc

For AUTH_METHOD = adfs

  • ADFS_CERT — certificate used for authentication in ADFS.

  • ADFS_ENTRYPOINT — authentication entry point. Example: https://adfs.gram.ax/adfs/ls/

  • ADFS_ISSUER — ADFS identifier. Example: https://adfs.gram.ax/

  • ADFS_CALLBACK_URL — callback URL after successful authentication. Example: https://app.gram.ax/auth/cb

For AUTH_METHOD = keycloak

  • KEYCLOAK_SERVER_URL — Keycloak server URL. Example: https://keycloak.gram.ax/auth/

  • KEYCLOAK_REALM — realm name in Keycloak. Example: gramax

  • KEYCLOAK_CLIENT_ID — Keycloak client ID.

  • KEYCLOAK_USE_ACCESS_TOKEN_INFO — whether to read user info from access_token. Example: KEYCLOAK_USE_ACCESS_TOKEN_INFO=true

For AUTH_METHOD = openid

  • OPEN_ID_SERVER_URL — OpenID server URL. Example: https://keycloak.gram.ax/auth/

  • OPEN_ID_REALM — realm name in OpenID. Example: gramax

  • OPEN_ID_CLIENT_ID — OpenID client ID.

  • OPEN_ID_CLIENT_SECRET — OpenID client secret.

For AUTH_METHOD = ldap

  • LDAP_URL — LDAP server URL. Example: ldap://ldap.example.com:389 or ldaps://ldap.example.com:636

  • LDAP_ADMIN_DN — DN of the administrative user with directory search permissions. Example: gramax@gramax.ru

  • LDAP_ADMIN_PASSWORD — password of the administrative user. Example: secretAdminPass

  • LDAP_USER_SEARCH_BASE — DN of the base user search point. Example: ou=users,dc=example,dc=com

  • LDAP_USERNAME_ATTRIBUTE — user attribute for search. Example: samaccountname, cn, mail

  • LDAP_USER_DN — DN of a specific user, if known directly. Example: OU=Enabled,OU=GRAMAX-USERS,DC=gramax,DC=local

  • LDAP_GROUP_SEARCH_BASE — DN of the base group search point. Example: ou=groups,dc=example,dc=com

  • LDAP_GROUP_CLASS — object class of the group entry. Example: groupOfNames

  • LDAP_GROUP_MEMBER_ATTRIBUTE — attribute in a group entry containing its members. Example: member

  • LDAP_GROUP_MEMBER_USER_ATTRIBUTE — user attribute matched with LDAP_GROUP_MEMBER_ATTRIBUTE. Example: dn

  • LDAP_ATTRIBUTES — comma-separated list of user attributes to return. If not specified, all are returned. Example: cn,sn,mail
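
Added example (not the product's own code) showing how the LDAP variables above fit together: the user lookup by LDAP_USERNAME_ATTRIBUTE, the group lookup that matches LDAP_GROUP_MEMBER_USER_ATTRIBUTE against LDAP_GROUP_MEMBER_ATTRIBUTE, and the LDAP_ATTRIBUTES list. Filter values are escaped per RFC 4515 so a login containing `*` or `)` is compared literally; the function names and SAMPLE_ENV are assumptions built from the example values.

```python
# Characters with special meaning inside a filter value (RFC 4515, section 3)
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so the server compares it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(env: dict, login: str) -> str:
    """Filter used to locate the user below LDAP_USER_SEARCH_BASE."""
    return f"({env['LDAP_USERNAME_ATTRIBUTE']}={escape_filter_value(login)})"


def build_group_filter(env: dict, user_entry: dict) -> str:
    """Filter used to list the user's groups below LDAP_GROUP_SEARCH_BASE.
    The user attribute named by LDAP_GROUP_MEMBER_USER_ATTRIBUTE is compared
    with LDAP_GROUP_MEMBER_ATTRIBUTE on entries of class LDAP_GROUP_CLASS."""
    value = user_entry[env["LDAP_GROUP_MEMBER_USER_ATTRIBUTE"]]
    return (f"(&(objectClass={env['LDAP_GROUP_CLASS']})"
            f"({env['LDAP_GROUP_MEMBER_ATTRIBUTE']}={escape_filter_value(value)}))")


def requested_attributes(env: dict):
    """LDAP_ATTRIBUTES as a list, or None, which means 'return all attributes'."""
    raw = env.get("LDAP_ATTRIBUTES", "")
    return [a.strip() for a in raw.split(",") if a.strip()] or None


def plaintext_bind_warning(env: dict):
    """The bind with LDAP_ADMIN_DN/LDAP_ADMIN_PASSWORD travels unencrypted over
    ldap:// unless StartTLS is negotiated; flag anything that is not ldaps://."""
    url = env.get("LDAP_URL", "")
    return None if url.lower().startswith("ldaps://") else f"{url}: bind without TLS"


# Constructed sample configuration, mirroring the example values above
SAMPLE_ENV = {
    "LDAP_URL": "ldap://ldap.example.com:389",
    "LDAP_USERNAME_ATTRIBUTE": "samaccountname",
    "LDAP_GROUP_CLASS": "groupOfNames",
    "LDAP_GROUP_MEMBER_ATTRIBUTE": "member",
    "LDAP_GROUP_MEMBER_USER_ATTRIBUTE": "dn",
    "LDAP_ATTRIBUTES": "cn,sn,mail",
}

if __name__ == "__main__":
    user = {"dn": "cn=j.doe,ou=users,dc=example,dc=com"}
    print(build_user_filter(SAMPLE_ENV, "j.doe"))
    print(build_group_filter(SAMPLE_ENV, user))
```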

For AUTH_METHOD = kerberos

  • KERBEROS_REALM — Kerberos realm (Active Directory domain). Must be in UPPERCASE. Example: COMPANY.LOCAL

  • KERBEROS_SERVICE_PRINCIPAL — Service Principal Name (SPN). Format: HTTP/hostname@REALM. Example: HTTP/gramax.company.local@COMPANY.LOCAL

  • KRB5_KTNAME — environment variable for the Kerberos library. Format: FILE:/path/to/keytab. Example: FILE:/opt/gramax/config/gramax.keytab

  • KERBEROS_REALM must exactly match the Active Directory domain in UPPERCASE

  • KERBEROS_SERVICE_PRINCIPAL must match the SPN registered in Active Directory

  • The path in KRB5_KTNAME must start with the FILE: prefix

  • The keytab file must have 600 permissions
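
Added example (not the product's own code): a pre-start check that applies the four Kerberos rules above to the environment of the service account. It only tests what is checkable locally, so "matches the SPN registered in Active Directory" is narrowed to "the realm part of the SPN equals KERBEROS_REALM"; function names, the mode_of hook and SAMPLE_ENV are assumptions.

```python
import os
import re
import stat

# SPN in the form HTTP/hostname@REALM; the realm part must be upper case
SPN_RE = re.compile(r"^HTTP/(?P<host>[A-Za-z0-9.-]+)@(?P<realm>[A-Z0-9.-]+)$")


def keytab_mode(path: str):
    """Permission bits of the keytab file, or None if it does not exist."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return None


def check_kerberos_config(env: dict, mode_of=keytab_mode) -> list:
    """Return the list of violated rules (empty means the config is consistent).
    mode_of is injectable so the check can run without a real keytab."""
    problems = []
    realm = env.get("KERBEROS_REALM", "")
    spn = env.get("KERBEROS_SERVICE_PRINCIPAL", "")
    ktname = env.get("KRB5_KTNAME", "")

    if not realm:
        problems.append("KERBEROS_REALM is not set")
    elif realm != realm.upper():
        problems.append(f"KERBEROS_REALM must be UPPERCASE, got {realm!r}")

    m = SPN_RE.match(spn)
    if not m:
        problems.append("KERBEROS_SERVICE_PRINCIPAL must have the form HTTP/hostname@REALM")
    elif realm and m.group("realm") != realm:
        problems.append("realm in KERBEROS_SERVICE_PRINCIPAL differs from KERBEROS_REALM")

    if not ktname.startswith("FILE:"):
        problems.append("KRB5_KTNAME must start with the FILE: prefix")
    else:
        path = ktname[len("FILE:"):]
        mode = mode_of(path)
        if mode is None:
            problems.append(f"keytab {path} does not exist")
        elif mode != 0o600:
            problems.append(f"keytab {path} has mode {mode:04o}, expected 0600")
    return problems


# Constructed sample, mirroring the example values above
SAMPLE_ENV = {
    "KERBEROS_REALM": "COMPANY.LOCAL",
    "KERBEROS_SERVICE_PRINCIPAL": "HTTP/gramax.company.local@COMPANY.LOCAL",
    "KRB5_KTNAME": "FILE:/opt/gramax/config/gramax.keytab",
}
```

Run `check_kerberos_config(dict(os.environ))` in the service's startup script and refuse to start while the list is non-empty.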

Authorization

Callback URL

When configuring the Callback URL in your SSO provider, use the Enterprise service address followed by /sso/cb.

Example: https://ges-gram.ax/sso/cb

User list

For CONNECTOR_TYPE=ldap

  • LDAP_URL — LDAP server URL. Example: ldap://ldap.example.com:389 or ldaps://ldap.example.com:636

  • LDAP_ADMIN_DN — user DN with directory search permissions. Example: gramax@gramax.ru

  • LDAP_ADMIN_PASSWORD — password of the user specified in LDAP_ADMIN_DN. Example: secretAdminPass

  • LDAP_USER_SEARCH_BASE — DN of the base user search point. Example: ou=users,dc=example,dc=com

  • LDAP_GROUP_CLASS — LDAP object class used to search for groups. Example: group

  • LDAP_GROUP_SEARCH_BASE — DN of the base group search point. Example: ou=groups,dc=example,dc=com

  • LDAP_SEARCH_GROUP_LIMIT — maximum number of groups returned during LDAP search. Example: 15

For CONNECTOR_TYPE=keycloak

  • KEYCLOAK_SERVER_URL — Keycloak server URL. Example: https://keycloak.gram.ax/auth/

  • KEYCLOAK_REALM — realm name in Keycloak. Example: gramax

  • KEYCLOAK_API_TOKEN — access token.

For CONNECTOR_TYPE=scim

  • SCIM_SERVER_URL — SCIM server URL. Example: https://scim.gram.ax/auth/

  • SCIM_TOKEN — access token (used instead of SCIM_ADMIN_LOGIN + SCIM_ADMIN_PASSWORD).

  • SCIM_GET_USERS_FILTER — filter for user search. Default: userName co "${searchSubstring}"

  • SCIM_ADMIN_LOGIN — username for Basic authorization (instead of SCIM_TOKEN).

  • SCIM_ADMIN_PASSWORD — password for Basic authorization (instead of SCIM_TOKEN).
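
Added example (not the product's own code) of the request the SCIM connector variables describe: `${searchSubstring}` is substituted into SCIM_GET_USERS_FILTER with SCIM/JSON string escaping, and SCIM_TOKEN takes precedence over SCIM_ADMIN_LOGIN + SCIM_ADMIN_PASSWORD. The Bearer scheme for the token and the `/Users` path relative to SCIM_SERVER_URL are assumptions, as are the function names and SAMPLE_ENV.

```python
import base64
import json
from urllib.parse import urlencode, urljoin

# Default from the reference above, used when SCIM_GET_USERS_FILTER is unset
DEFAULT_FILTER = 'userName co "${searchSubstring}"'


def render_scim_filter(env: dict, search: str) -> str:
    """Substitute ${searchSubstring} into the filter template.
    SCIM string literals use JSON escaping (RFC 7644, 3.4.2.2), so the search
    text is passed through json.dumps and its outer quotes are stripped; a
    quote or backslash in the input therefore cannot alter the filter."""
    template = env.get("SCIM_GET_USERS_FILTER", DEFAULT_FILTER)
    return template.replace("${searchSubstring}", json.dumps(search)[1:-1])


def scim_auth_header(env: dict) -> dict:
    """SCIM_TOKEN takes precedence; otherwise Basic from login + password.
    Bearer is assumed as the token scheme (the reference only says 'access token')."""
    if env.get("SCIM_TOKEN"):
        return {"Authorization": f"Bearer {env['SCIM_TOKEN']}"}
    login, password = env.get("SCIM_ADMIN_LOGIN"), env.get("SCIM_ADMIN_PASSWORD")
    if not (login and password):
        raise ValueError("set SCIM_TOKEN or SCIM_ADMIN_LOGIN + SCIM_ADMIN_PASSWORD")
    creds = base64.b64encode(f"{login}:{password}".encode()).decode()
    return {"Authorization": f"Basic {creds}"}


def build_users_request(env: dict, search: str):
    """(url, headers) for GET <SCIM_SERVER_URL>/Users?filter=...; the /Users
    resource path relative to SCIM_SERVER_URL is an assumption."""
    base = env["SCIM_SERVER_URL"].rstrip("/") + "/"
    query = urlencode({"filter": render_scim_filter(env, search)})
    return urljoin(base, "Users") + "?" + query, scim_auth_header(env)


# Constructed sample: token-based connector configuration
SAMPLE_ENV = {"SCIM_SERVER_URL": "https://scim.gram.ax/auth/", "SCIM_TOKEN": "<token>"}

if __name__ == "__main__":
    url, headers = build_users_request(SAMPLE_ENV, "j.doe")
    print(url, headers)
```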