OpenMetadata/openmetadata-docs/content/v1.6.x/deployment/security/keycloak/auth-code-flow.md

---
title: Auth code flow of Keyclock
slug: /deployment/security/keycloak/auth-code-flow
collate: false
---

# Auth Code Flow 


### Step 1: Create OpenMetadata as a new Client
- Click on `Clients` in the menu.
- Click on `Create Client` button.
- Select the `Client type`.
- Enter the `Client ID`.
- Enter the Name and Description `(Optional)`.
- Click on `Next` button.

{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-3.png" alt="add-client" /%}

### Step 2: Edit Configs of the client
- Enable `Client authentication` and `Authorization`.
- Select `Standard flow` as an `Authentication flow`.
- Click `Next`.

{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-4.png" alt="compatibility configs" /%}

### Step 3: Add Login Settings
- fill the required options

{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-5.png" alt="edit-settings-url.png" /%}

- Click on `Save` button.

{% note %}

Note: Scopes `openid`, `email` & `profile` are required to fetch the user details so you will have to add these scopes in your client.

{% /note %}

### Step 3: Where to Find the Credentials

- Navigate to the `Credentials` tab.
- You will find your `Client Secret` related to the Client id "open-metadata"

{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-6.png" alt="client-credentials" /%}


After the applying these steps, the users in your realm are able to login in the openmetadata, as a suggestion create a user called "admin-user". Now you can update the configuration of your deployment:

{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="celebration"
    bold="Docker Security"
    href="/deployment/security/keycloak/docker" %}
    Configure Keycloak SSO for your Docker Deployment.
  {% /inlineCallout %}
  {% inlineCallout
    color="violet-70"
    icon="storage"
    bold="Bare Metal Security"
    href="/deployment/security/keycloak/bare-metal" %}
    Configure Keycloak SSO for your Bare Metal Deployment.
  {% /inlineCallout %}
  {% inlineCallout
    color="violet-70"
    icon="fit_screen"
    bold="Kubernetes Security"
    href="/deployment/security/keycloak/kubernetes" %}
    Configure Keycloak SSO for your Kubernetes Deployment.
  {% /inlineCallout %}
{% /inlineCalloutContainer %}

{% inlineCalloutContainer %}
  {% inlineCallout
    color="violet-70"
    icon="MdArrowBack"
    bold="KeyCloak"
    href="/deployment/security/keycloak" %}
    Go to KeyCloak Configuration
  {% /inlineCallout %}
{% /inlineCalloutContainer %}
Updated docs for implicit and auth code flow sso (#19126) Co-authored-by: Tarun <tarun.p@deuexsolutions.com> 2024-12-18 15:03:29 +05:30			`---`
			`title: Auth code flow of Keyclock`
			`slug: /deployment/security/keycloak/auth-code-flow`
			`collate: false`
			`---`

			`# Auth Code Flow`


			`### Step 1: Create OpenMetadata as a new Client`
			- Click on `Clients` in the menu.
			- Click on `Create Client` button.
			- Select the `Client type`.
			- Enter the `Client ID`.
			- Enter the Name and Description `(Optional)`.
			- Click on `Next` button.

			`{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-3.png" alt="add-client" /%}`

			`### Step 2: Edit Configs of the client`
			- Enable `Client authentication` and `Authorization`.
			- Select `Standard flow` as an `Authentication flow`.
			- Click `Next`.

			`{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-4.png" alt="compatibility configs" /%}`

			`### Step 3: Add Login Settings`
			`- fill the required options`

			`{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-5.png" alt="edit-settings-url.png" /%}`

			- Click on `Save` button.

			`{% note %}`

			Note: Scopes `openid`, `email` & `profile` are required to fetch the user details so you will have to add these scopes in your client.

			`{% /note %}`

			`### Step 3: Where to Find the Credentials`

			- Navigate to the `Credentials` tab.
			- You will find your `Client Secret` related to the Client id "open-metadata"

feat: Updated And Refactor Docs (#19211) * Updated Docs * Updated * updated image versions --------- Co-authored-by: Tarun <tarun.p@deuexsolutions.com> Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com> 2025-01-03 18:10:07 +05:30			`{% image src="/images/v1.6/deployment/security/keycloak/keycloak-step-6.png" alt="client-credentials" /%}`


			`After the applying these steps, the users in your realm are able to login in the openmetadata, as a suggestion create a user called "admin-user". Now you can update the configuration of your deployment:`

			`{% inlineCalloutContainer %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="celebration"`
			`bold="Docker Security"`
			`href="/deployment/security/keycloak/docker" %}`
			`Configure Keycloak SSO for your Docker Deployment.`
			`{% /inlineCallout %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="storage"`
			`bold="Bare Metal Security"`
			`href="/deployment/security/keycloak/bare-metal" %}`
			`Configure Keycloak SSO for your Bare Metal Deployment.`
			`{% /inlineCallout %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="fit_screen"`
			`bold="Kubernetes Security"`
			`href="/deployment/security/keycloak/kubernetes" %}`
			`Configure Keycloak SSO for your Kubernetes Deployment.`
			`{% /inlineCallout %}`
			`{% /inlineCalloutContainer %}`

			`{% inlineCalloutContainer %}`
			`{% inlineCallout`
			`color="violet-70"`
			`icon="MdArrowBack"`
			`bold="KeyCloak"`
			`href="/deployment/security/keycloak" %}`
			`Go to KeyCloak Configuration`
			`{% /inlineCallout %}`
			`{% /inlineCalloutContainer %}`