LogoLogo
Release notesPython SDK docsDocs homeTextual CloudTonic.ai
  • Tonic Textual guide
  • Getting started with Textual
  • Previewing Textual detection and redaction
  • Entity types that Textual detects
    • Built-in entity types
    • Managing custom entity types
  • Language support in Textual
  • Datasets - Create redacted files
    • Datasets workflow for text redaction
    • Creating and managing datasets
    • Assigning tags to datasets
    • Adding and removing dataset files
    • Reviewing the sensitivity detection results
    • Configuring the redaction
      • Configuring added and excluded values for built-in entity types
      • Working with custom entity types
      • Selecting the handling option for entity types
      • Configuring synthesis options
      • Configuring handling of file components
    • Adding manual overrides to PDF files
      • Editing an individual PDF file
      • Creating templates to apply to PDF files
    • Sharing dataset access
    • Previewing the original and redacted data in a file
    • Downloading redacted data
  • Pipelines - Prepare LLM content
    • Pipelines workflow for LLM preparation
    • Viewing pipeline lists and details
    • Assigning tags to pipelines
    • Setting up pipelines
      • Creating and editing pipelines
      • Supported file types for pipelines
      • Creating custom entity types from a pipeline
      • Configuring file synthesis for a pipeline
      • Configuring an Amazon S3 pipeline
      • Configuring a Databricks pipeline
      • Configuring an Azure pipeline
      • Configuring a Sharepoint pipeline
      • Selecting files for an uploaded file pipeline
    • Starting a pipeline run
    • Sharing pipeline access
    • Viewing pipeline results
      • Viewing pipeline files, runs, and statistics
      • Displaying details for a processed file
      • Structure of the pipeline output file JSON
    • Downloading and using pipeline output
  • Textual Python SDK
    • Installing the Textual SDK
    • Creating and revoking Textual API keys
    • Obtaining JWT tokens for authentication
    • Instantiating the SDK client
    • Datasets and redaction
      • Create and manage datasets
      • Redact individual strings
      • Redact individual files
      • Transcribe and redact an audio file
      • Configure entity type handling for redaction
      • Record and review redaction requests
    • Pipelines and parsing
      • Create and manage pipelines
      • Parse individual files
  • Textual REST API
    • About the Textual REST API
    • REST API authentication
    • Redaction
      • Redact text strings
  • Datasets
    • Manage datasets
    • Manage dataset files
  • Snowflake Native App and SPCS
    • About the Snowflake Native App
    • Setting up the app
    • Using the app
    • Using Textual with Snowpark Container Services directly
  • Install and administer Textual
    • Textual architecture
    • Setting up and managing a Textual Cloud pay-as-you-go subscription
    • Deploying a self-hosted instance
      • System requirements
      • Deploying with Docker Compose
      • Deploying on Kubernetes with Helm
    • Configuring Textual
      • How to configure Textual environment variables
      • Configuring the number of textual-ml workers
      • Configuring the number of jobs to run concurrently
      • Configuring the format of Textual logs
      • Setting a custom certificate
      • Configuring endpoint URLs for calls to AWS
      • Enabling PDF and image processing
      • Setting the S3 bucket for file uploads and redactions
      • Required IAM role permissions for Amazon S3
      • Configuring model preferences
    • Viewing model specifications
    • Managing user access to Textual
      • Textual organizations
      • Creating a new account in an existing organization
      • Single sign-on (SSO)
        • Viewing the list of SSO groups in Textual
        • Azure
        • GitHub
        • Google
        • Keycloak
        • Okta
      • Managing Textual users
      • Managing permissions
        • About permissions and permission sets
        • Built-in permission sets and available permissions
        • Viewing the lists of permission sets
        • Configuring custom permission sets
        • Configuring access to global permission sets
        • Setting initial access to all global permissions
    • Textual monitoring
      • Downloading a usage report
      • Tracking user access to Textual
Powered by GitBook
On this page
  • Keycloak configuration
  • Textual configuration
  • Disabling pushed authorization requests

Was this helpful?

Export as PDF
  1. Install and administer Textual
  2. Managing user access to Textual
  3. Single sign-on (SSO)

Keycloak

Last updated 23 days ago

Was this helpful?

Use these instructions to set up Keycloak as your SSO provider for Tonic Textual.

Keycloak configuration

Within Keycloak, select the realm to use for your Textual client. Under Clients, click Create client.

On the Create client page, under General Settings:

  1. From the Client type dropdown list, select OpenID Connect.

  2. Enter a Client ID and Name.

  3. Click Next.

On the Capability Config tab, click Save. The details page for the new client displays.

On the Settings tab, under Access settings, enter your Textual URL information.

Click Client scopes. Each client has a dedicated scope named <client-id>-dedicated. To configure the scope, click the scope name.

On the Mappers tab, to add a property mapper to the scope, click Configure a new mapper.

In the list of mapper types, click Group Membership.

Under Add mapper, set both Name and Token Claim Name to groups.

The Full group path toggle affects how child groups appear in Tonic:

  • When on, child groups display as parent group/child group.

  • When off, child groups display as child group.

To save the new group membership mapper, click Save.

Textual configuration

  • The realm URL

  • The client identifier

  • The client secret, if client authentication is enabled

For Kubernetes, in values.yaml:

# Keycloak SSO Config
# -----------------
#keycloakClientId: <client-id>
#keycloakClientSecret: <client-secret>
#keycloakAuthority: <authority-url>

For Docker, in .env:

#SOLAR_SSO_KEYCLOAK_AUTHORITY=#<keycloak_url_with_scheme>/realms/<realm_name>
#SOLAR_SSO_KEYCLOAK_CLIENT_ID=#<client identifier>
#SOLAR_SSO_KEYCLOAK_CLIENT_SECRET=#<client secret>

Disabling pushed authorization requests

The environment variable SOLAR_SSO_KEYCLOAK_DISABLE_PUSHED_AUTHORIZATION determines whether to disable Keycloak pushed authorization requests.

By default, this is false.

You would set this to true to troubleshoot Keycloak authentication issues.

After you complete the configuration in Keycloak, you uncomment and configure the required in Textual.

environment variables
Create client option for Keycloak
Create client fields for a Keycloak client
Access settings for a Keycloak client
Client scopes tab for a Keycloak client
Options to add a property mapper to a Keycloak client scope
Available mapper types for a Keycloak client scope property mapper
Configuration options for a Keycloak property mapper