Configure OIDC
- Go to Admin → Settings → SSO
- Toggle Enable SSO on
- Fill in the provider details:
- Save
Provider-specific notes
Keycloak
- Create a new client in the target realm with Client authentication enabled
- Set the Valid redirect URIs to
https://<your-certforge-domain>/oidc/callback - Copy the Client ID and the secret from the Credentials tab
- The Issuer URL format is:
https://<keycloak-host>/realms/<realm-name>
Okta
- Create a new OIDC Web Application in the Okta Admin Console
- Add
https://<your-certforge-domain>/oidc/callbackto the Sign-in redirect URIs - Copy the Client ID and Client secret
- The Issuer URL is your Okta org URL:
https://<org>.okta.com
Azure AD / Entra ID
- Register a new app in Azure Portal → App registrations
- Add
https://<your-certforge-domain>/oidc/callbackas a redirect URI (type: Web) - Create a client secret under Certificates & secrets
- The Issuer URL is:
https://login.microsoftonline.com/<tenant-id>/v2.0
Test SSO login
- Open the CertForge login page in a private/incognito window
- Click Sign in with SSO
- Complete authentication with your IdP
- Confirm you land on the CertForge dashboard