Removing SSO Authentication from DAI
This page describes how to remove single sign-on (SSO) authentication from your DAI installation. This process reverts DAI to a standalone system that uses its embedded identity and access management provider, Keycloak, for user authentication.
The process for removing single sign-on (SSO) authentication from DAI/Keycloak is to run the same identity_provider
procedure (Windows command-line process) we used to set it up. For information about the setup process, see Enabling SSO in DAI with Entra ID and SAML v2 or Enabling SSO in DAI with Entra ID and OIDC.
This process does not remove anything from your identity provider (Entra ID). If you want to permanently remove SSO, you may also want to remove the corresponding configuration from your identity provider.
Prerequisites
Requirement | Description |
---|---|
Identity Provider Alias | You need the alias of the iIdentity Provider in Keycloak. You can find this in the Keycloak Admin Console by viewing the details of the Identity Provider that you created and copying the value in the alias field. |
Re-Configuring Keycloak as the DAI Access and Identity Manager
If you are using Eggplant Cloud, contact our Customer Support for help obtaining the input data outlined above.
To disable SSO on Keycloak, we run a migration procedure named identity_provider
.
This procedure will:
- Remove the
Identity Provider
from the Keycloak realm. - Amend the login flow to allow local accounts to login.
- Configure the
Themes
for theRealm
to use standardeggplant
realms instead of theeggplant_readonly
ones used by SSO enabled realms.