In production environments it is recommendet to connect Smartfacts directly to your OIDC provider. In this case no Keycloak and no CAMP component is deployed. There will be no pre-provisioning of users. As soon as a user logs in into Smartfacts, he will be provisioned on the fly.
Configure the deployment
Disable deployment of CAMP and Keycloak components
To disable the deployment of the CAMP and the Keycloak, add the following two lines in the values file:
...
Make sure, that you do not already have section for camp and Keykloak in your values file. If so, replace them.
Configure the connection to the OIDC provider
In the “global” section of your values file add the information of you OIDC provider:
...
In line 6 replace the placeholder <OIDC client secret> with the client secret of the client.
Configure access rules
In a second step access rules and optional groups must be configured. To do so create a new text file “group-rules.yaml” and paste the following text into it:
...
To adopt the rules to your environment, configure the necessary information in the file.
Configure Allowed email adresses
Line 8 is a pattern for all valid email-Adresses of the users. So the value “@” allows all users known by your OIDC provider to login into Smartfacts.
Configure Account administrators
Please replace line 13 with the email adress of the person who will be account addministrator. By inserting more lines (all starting with “-”) you can add additional account administrators.
Redeploy Smartfacts
For the deployment, additionally state the file “group-rules.yaml“ in the upgrade command.
...