Skip to main content
Skip table of contents

Identity Providers in Thingshub (SSO)

Thingshub supports two identity provider mechanisms:

  1. internal identity provider that thingshub provides

  2. external 3rd party identity provider mechanism.

The 3rd party system is particularly helpful if you have a common identity provider system for your complete enterprise software stack. The internal identity provider is enabled by default and can be disabled from the tenant configuration file. The external identity providers can be enabled in your thingshub tenant installation by using the tenant configuration file.

  1. Internal Identity Provider System:
    This is the internal identity management mechanism that thingshub provides. It is enabled by default with the tenant installation. User can authenticate themselves to the thingshub system by logging in with the email/username and password associated with their thingshub account.

  2. External Identity Provider System:
    The external identity provider system is the mechanism to enable thingshub to use a 3rd party system for authentication. This can be enabled or disabled from the tenant configuration file.
    By default the external identity provider is disabled.

    Thingshub currently supports 3 external identity providers: Google Oauth2, Keycloak Open ID Connect, and PingID Oauth 2

    Configuring multiple identity providers
    Thingshub supports configuring multiple identity providers in a single instance, however there is a constraint of a singular identity provider of a type. For example, you can configure Google Oauth and also have Keycloak setup in a single tenant. However, you will not be able to set-up another Google Oauth identity provider for the same tenant.

    Configuring Identity Providers:

    YAML
    global:
      domain: foo.bar.com
      tenant_mode: trackinghub
    
    ...
    
      identity_providers:
        thingshub:
          enabled: true
        google_oauth2:
          enabled: false
          ...
        keycloak_oidc:
          enabled: true
          ...
        ping_id_oauth2:
          enabled: true
          ...
    
    ...
      

    The identity providers can be enabled or disabled from the tenant configuration file by setting the appropriate values in the identity_providers block as shown above. The specific identity provider can be turned on or off using the enabled flag in their respective sub-blocks.

    By default, the thingshub identity provider is enabled and both keycloak_oidc and google_oauth2 are disabled. The tenant operator can explicitly disable the thingshub internal identity provider if they want to use the external identity providers only.
    However, there should be at least one identity provider enabled at a time for a tenant. If all of the identity providers are disabled for a thingshub tenant, it will enable the thingshub internal identity provider. The same is the case if the whole identity_provider block is absent.

You can see a tenant configured with all the identity providers here: https://qa-whitelabel.thingshub.smartmakers.de/ui/en/login

The config block for setting up the identity providers as shown in the tenant is:

YAML
global:
  identity_providers:
    thingshub:
      enabled: true
    google_oauth2:
      enabled: true
      params:
        client_id: "..."
        client_secret: "..."
        auth_url: "https://accounts.google.com/o/oauth2/auth"
        token_url: "https://oauth2.googleapis.com/token"
        user_info_url: "https://www.googleapis.com/oauth2/v2/userinfo?access_token="
        scopes:
          - "https://www.googleapis.com/auth/userinfo.email"
      button:
        logo: "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAWgAAAFoBAMAAACIy3zmAAAAJ1BMVEXu7u7////qQTQzqFJAhfX7vAV5pfKszNvyx66AxZPpe3Prykg6lKgf/8M3AAAHXElEQVR42u3dTUsjSRgH8NSojLqXqn3RdnMJfZKcAr0wBDyMEJyrqzQseBKG3euEkVnmZgRBPM3gQbxpTpLTyuA38INtJ+m8dVV1uqvT9VRm/nXrMdX+5vGpStXTZayIYeOVYVuKywrQQAMNNNBAAw000N8jOm4s/vdlugQaaKCBBhpooIEG+vtCYxMANNBAAw000EADDTSqpti5AA000EADDTTQQAONqinQQAMNNNBAAw000KiaYucCNNBAAw000EADDTSqpkAD/aOhR8N8edBRW7/q9bq9erfXuzpn8dfdRnvXXX+69YZul9Hrs+Jhe2TCYTRXkaNWf2TOoq99bat3nEQLr+untXsH0WLTn9N2nUPza39uqzO30PzC9zOpXaqaZjJPhqMTm4CM5mGGOILObI7UrqA3/Rxt1wk08/xc7d4FNO/mQ/sderTIax4ORlJ0voSepDUp2vMN2gMtOndCjxKEEG2SHP1Wo0R7vmHr0KHZhSl6l5Ohf/eN2z0VmnXN0TWiqikrEGifEW0CCgWaaOeyiEDbRxcJNCdCe0UCTbSxLRZoInSxQNOgzd8MB4GmQfNigSZBs1fFAk2D7hYLNAl67jDsPV5dXfW6ukBToOdkx+MV0zzLGAWaAp26y6qfczH14mtVoCnQacuORzbLSjyGYWRV05TsOJfrotM/lxpdLS+llstVfS+k5Z19tD47Olzdt5sINAH6VYpZ3XeUIYwu0rq5455r+3rx1EGG9rQ1upS+m8Opgwz9s67Yldq3O5ijqdC6VekDT603eIM5mizSZkUjdlHjdGjPsDzndQjP5a0ZFkIZ4WFCdhmqKxlOn4AMwyNlychltBeGofKRlcvoaqhQ7wq3z5pe9tHJBHlw/FzecyiHus4dR4ehrK45jvZi9NFCqwIlo6uhHOo6dxy9Fsqhvnf9gOxzKKvZ8qDD2exwGM0n5nGoa66fn/ZCWd1xHV2dRscJUnEd/VsohXq0ZXEXfRlKoa45H+nnUFJ3lg59NK6Duvsb+ixMtvGZRoc3ARI63HUe7cnoQ22hQ2RvpaJ/ktFPuhd/+jtj+6dkdFVGn+vqYK2s7aBk9JqM1hbv3mdW20dz19HsUjKfLCP6rwWkBys3PWT04QIi3S430s8yurKE6P8WgD61jX4CupSBKKPPCdA517Xye0tH++Ls6P1yNwHloN8CjfRApBFpRHpB6OdljLRi7bGMkX76USNdMlrebv25APSpbfQhAdqJ3fip7WLNifO78ZLKYkAXq5o6U2Faz16fdqdqqngS0Chcn25Zf+Zy3NQ9gvikadaL6tLTrZMg0KEFixofP1ZhgybEtn10cvERBEE738OeLevoZK33OEJ/zYf+VV6Z2kVHyREEjXzoM+toNvvu8q2PbuZDyzPhftmRriaTIxiPxIy3Uq2XSkZ7iVEYTJI62622Ve/iZZ81TSZHP6nzHLySJ4+WzdNicXJESZ0HvSqjeenoy2Ry9Gfq7LdSjMMDbu8E5LcJupHj2KYc6Hfc2lnTk4k5zo9Mt9pSVT2sneoNpls7861WSdAiMQon+ZHpVopFdtvWSfWTYLaJjLdSzNItGyfV16Tk6L+/ZLzVKhG6KiVHPBSz3Ep1roZbQHtycgyHYoa+Wy31OCz/V7BnpuhRe5PpIzvOlDUxG+jL4yBQhXp+321l0cMKuqoyR6Ge31c1DFsVK+htJXq869L3VQb6gOdHm6y+1eimmLfrOVM+urBw1rR/9VGtjpfV2r5bmjKvFXRlR42OV6i6vvy9po5nB61J6jhBNH3Vo7Bf87CDZjca9Ruh77vx0tKntA30Lxp08EXo+kY/nZSUtoHW5Uek5uq+PPranj6lrXy+x41eLVR9+aDDizalraBXghS13Hc03bRUxSVr6B09OhqNyb6fR1/6Q5fSdj4D8iZFHQd78MropRtTX3nRZIcd9EoaOmjejsbX688z/7099YRnCc2Dee0uavLPI5Egp8wmOj0/UtpMghxU7KJ3DNEzCfKWm6EN1tPDS0P0TIK0Lf3C2eiSrZiqZ+YOu+gKDwonyL51tG4rkGMsMuvoynZQUP1O2Eezm4IJ0iZAFw31gaBAm4c6GK+VrKMLhHpvtFayjxYfCyTIKRXaPNTBgaBCC+O3xVERjQJt/LbYFHRo48VemxJtOBYbxT6e3HQ9Pb40TI7C37dIZ7ZhNgpJ0SaTdUPQ/42iG5OZgxidezvQdgHNtg3eVsjRIs9g/CIcQedQN4Qz6EmNcU57IxxCZ4x1QzCX0JnUt6LiFjrD4lr/RIbuL7vPeZdptkXFPXT61Hcb13gcQ0frEK6bRW6ZWOA3KrqeTl7yOxU5+u8s8BuV8WFar2fczbsPTHDn/0h63/3v3aDdfhgXGR1HTz/FX/idS0SXewk00EADDTTQQC+makp3CTTQQAMNNNBAAw3094XGJgBooIEGGmiggQYaaFRNsXMBGmiggQYaaKCBBhpVU6CBBhpooIEGGmigUTXFzgVooIEGGmiggQYaaM3l/+tnm2ZXdYOGAAAAAElFTkSuQmCC"
        text: "Sign-in with Smartmakers Google"
        btn_color: "#82BBE5"
        text_color: "#FFFFFF"
    keycloak_oidc:
      enabled: true
      params:
        realm: "..."
        root_url: "..."
        client_id: "..."
        client_secret: "..."
        skip_verify: true
        self_signed: true
        ca_certificate: "..."
      button:
        logo: "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADYAAAA2CAYAAACMRWrdAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAEnQAABJ0Ad5mH3gAAABkelRYdFJhdyBwcm9maWxlIHR5cGUgaXB0YwAAeNo9wbsNgDAMBcDeUzDCc/zizzghEImOgv2FRMGdXPczZftYiiUbiwcI4qelE80DUHp2xjCNEd1XoCfLd3eeJMuXmVWnBAF5AaE0E+atkxdXAAADhklEQVRoQ+2YX0gUURjFj5ZZlv0zLaNEwYJUEqGihyKwBymyIDHyIaJ6Kaheeinoz0ORBUUEFRFUkkFRvRRE9VZUkERvlUaGCaGoaZr2x3Szc3ZmYdPdcdfdmWVkfvAxd2Z2d+65373nu7NJQ5cxhHFIsnkcd3jC3IYnzG14wtyGJ8xteMLchifMbXjCbMfHGGD0M34wehnfGT1mW9f+MP4yIiAx72PqnISoo78ZExkLlgBz1wLTMoBZeUA6IyWdPeTYD/6iwHqg/RPw7izQzS/N5HcscE7YIEMZ0ehnTQAW7aWYEmDxdt2Njo7XwPUVwAzzPAT2CpMYZYQDjqL1QP4GHvfoTuy01wE3VjKz5vkw4i9MUyywToorKKQKyOPRDqqTgNlmexjxMw+tl3ZGej5QdhU4zPEqv2efKGFhJLEJU65/MroYRbuBI3zSto9AwU7dtZfWp8Bksx2CsU1FjVQfQz9ceg0o3KGrzlJbQCOiU9KHQhFdxiToGyNlDrD1EbCPY5IIUV+eAS3hRYnIMqZPqFBmZAIbH9Cu6UaJ5CRNg+XOCmthuiN3m8QKWvEEmF/qvxyWfqZzQHOUqVVxTQ1jWbFwYTozxWI4ylwLL0yWrRpU+ZjOVua/5KeZGWt5Q8PgVOh4AXS2GnVKD1JwMP3oV2X9Os/OBnIrgVXHKZgdGys13I30fuZAm+cWjBSmM+3RSquBZQeBeppDI9dTI61b2ZvCSGEEhASLCYfWpop1N6NwDbCZjhYttRTVRVEWThjM/8LUgbSFwNIDwNvzzE4T9268JiFaqKMJiATNhKnM4K4W4zwSanK5xpsjFiVGZkzTR6MbyIodKHNVD4EcbrNG4xINy/c1oukXzMiuKzOpDLtEiTRGE9enFT4u3DOaItGLEnZ235pkiyLU9Z77QKrXMrD4mBWJEabXl8wcoz2cV8eAi4W8z3YMa9q6jtlFG+NoiMfe5MtmW4ORqRhxPmMypuJNRjtAHx3vNNPTEx9RwnlhnYzy20ZbvDwEnKOd621YfxHECWeF6Z1tOXcgyWZBupIF1J3i3pPteNTIIJwTpiWlLdq6O8CHu8AJKvF1sFj778Yd54Rpm7afQm6VAPe3GK5n49OdcUVt1eat5hbtuVFsx1ibosGZjOkprRSlpeWAKOHcVJSgOBuEFc4JcxhPmNvwhLkNT5jb8IS5DU+Y2xinwoB/N3vc3ZUlwFsAAAAASUVORK5CYII="
        text: "Sign-in with Smartmakers KeyCloak"
        btn_color: "#192E35"
        text_color: "#FFFFFF"

To get further details on configuring individual external identity providers, please refer to the pages given below:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.