3 Keycloak Integration and Management

Oracle Linux Virtualization Manager uses Keycloak as the default Identity and Access Management (IAM) service for Single Sign-On (SSO). Keycloak replaces the legacy AAA authentication method and provides modern authentication capabilities such as user federation (Active Directory or LDAP), multifactor authentication (MFA), and centralized user and group management.

This chapter describes how to configure Keycloak for Oracle Linux Virtualization Manager, including federation with Microsoft Active Directory, importing groups, mapping groups to roles in the Manager, enabling SSO access to the Monitoring Portal (Grafana), and configuring OTP-based MFA.

Note:

In new deployments, we recommend using Keycloak SSO for authentication and user/group federation. The legacy internal domain (AAA) can be retained for recovery and backward compatibility, but isn't the recommended option for production access.