| 1 | +# Configure Azure CI for SAML SSO |
| 2 | + |
| 3 | +This page shows how to configure Appsmith on Azure CI for using Security Assertion Markup Language (SAML) Single Sign-On (SSO). |
| 4 | + |
| 5 | +## Prerequisites |
| 6 | + |
| 7 | +- A [Azure account](https://portal.azure.com/#home) with permission to create and manage PostgreSQL resources. |
| 8 | +- Ensure that you have taken a manual backup for your instance. |
| 9 | +- Decide if your database requires public access or if it should be restricted by specific IP ranges using a Network Security Group (NSG). |
| 10 | + |
| 11 | +## Set Up PostgreSQL in Azure |
| 12 | + |
| 13 | +Follow these steps to set up a PostgreSQL instance in Azure: |
| 14 | + |
| 15 | +:::info |
| 16 | +It is recommended to create PostgreSQL in the same region and availability zone as your Appsmith deployment for optimized performance. |
| 17 | +::: |
| 18 | + |
| 19 | +1. Log into the **Azure Portal** at https://portal.azure.com. |
| 20 | + |
| 21 | +2. In the left-hand menu, select **Create a resource** and search for **Azure Database for PostgreSQL**. |
| 22 | + |
| 23 | +3. Select **Single server** and click **Create**. |
| 24 | + |
| 25 | +4. In the **Basics** tab, set up: |
| 26 | + |
| 27 | +<dd> |
| 28 | + |
| 29 | +- **Subscription**: Select Subscription 1. |
| 30 | + |
| 31 | +- **Resource Group**: Select Sandbox. |
| 32 | + |
| 33 | +- **Server Name:** Enter appsmith-postgres. |
| 34 | + |
| 35 | +- **Region**: Select the region matching your Appsmith deployment for optimized latency. |
| 36 | + |
| 37 | +- **PostgreSQL** Version: Choose Version 14. |
| 38 | + |
| 39 | +- **Workload Type**: Select Development. |
| 40 | + |
| 41 | +</dd> |
| 42 | + |
| 43 | +5. In the **Compute + storage** section, configure as needed based on performance requirements. |
| 44 | + |
| 45 | +6. In the **Authentication Settings**: |
| 46 | + |
| 47 | +<dd> |
| 48 | + |
| 49 | +- **Authentication Method**: Select PostgreSQL Authentication Only. |
| 50 | + |
| 51 | +- **Username**: Enter your preferred username (for example, `pgadmin`). |
| 52 | + |
| 53 | +- **Password**: Set a secure password and confirm it. |
| 54 | + |
| 55 | +</dd> |
| 56 | + |
| 57 | + |
| 58 | +## Set Up Firewall Rules |
| 59 | + |
| 60 | +Configure firewall rules for your PostgreSQL instance to ensure secure access. By default, you can enable public access, but it's recommended to restrict access to specific IP addresses in production environments. |
| 61 | + |
| 62 | +1. In the Azure Portal, go to the Networking tab of your PostgreSQL server. |
| 63 | + |
| 64 | +2. Under Firewall rules, choose one of the following options: |
| 65 | + |
| 66 | +<dd> |
| 67 | + |
| 68 | +Add your IP address or select **Allow Azure services and resources** to access this server if you want to enable broader access temporarily. |
| 69 | + |
| 70 | +</dd> |
| 71 | + |
| 72 | + |
| 73 | +3. Click **Save** to apply the firewall settings. |
| 74 | + |
| 75 | + |
| 76 | +## Connect to PostgreSQL Database |
| 77 | + |
| 78 | +After setting up your PostgreSQL instance, connect to it using the provided credentials. |
| 79 | + |
| 80 | +1. In the Azure Portal, navigate to **All resources** and select your PostgreSQL server instance. |
| 81 | + |
| 82 | +2. Find your connection details (`host`, `port`, `username`, and `database name`). |
| 83 | + |
| 84 | +3. Open a terminal and use the following command to connect to your PostgreSQL database: |
| 85 | + |
| 86 | +<dd> |
| 87 | + |
| 88 | +```sql |
| 89 | +psql -h <hostname> -p <port> -U <username> <database> |
| 90 | + |
| 91 | +//example |
| 92 | +psql -h appsmith.postgres.database.azure.com -p 5432 -U pgadmin postgres |
| 93 | +``` |
| 94 | + |
| 95 | +</dd> |
| 96 | + |
| 97 | +## Create the Keycloak Database and User |
| 98 | + |
| 99 | +Once connected to your PostgreSQL database, create a new database for Keycloak and a user with appropriate roles. |
| 100 | + |
| 101 | +1. Create the keycloak database: |
| 102 | + |
| 103 | +```sql |
| 104 | +CREATE DATABASE keycloak; |
| 105 | +``` |
| 106 | + |
| 107 | +2. Create a new user and set a secure password: |
| 108 | + |
| 109 | + |
| 110 | +```sql |
| 111 | +CREATE USER your_username WITH PASSWORD 'your_password'; |
| 112 | +``` |
| 113 | + |
| 114 | +3. Assign the necessary roles to the new user: |
| 115 | + |
| 116 | + |
| 117 | +```sql |
| 118 | +GRANT CONNECT ON DATABASE keycloak TO your_username; |
| 119 | +GRANT USAGE ON SCHEMA public TO your_username; |
| 120 | +GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO your_username; |
| 121 | +ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO your_username; |
| 122 | +``` |
| 123 | +Replace `your_username` and `your_password` with your actual credentials. |
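Review bot: The grants in step 3 (diff lines 118-121) take effect in whichever database the session is connected to, and the example on diff line 92 connects to `postgres`, so `GRANT USAGE ON SCHEMA public` and the table grants apply to the `postgres` database's `public` schema rather than to the new `keycloak` database. Add a reconnect step (`\c keycloak`) after `CREATE DATABASE keycloak;` and before the grants. `ALTER DEFAULT PRIVILEGES` without `FOR ROLE` also covers only tables later created by the role that runs it, which is worth stating. Smaller points: diff line 68 offers **Allow Azure services and resources** without saying that it admits connections from any Azure-hosted source, not just this subscription, so the doc should steer readers to explicit IP rules; the title and intro (diff lines 1-3) promise SAML SSO configuration while the page only provisions PostgreSQL, and the prerequisites mention an NSG that no later step uses; step 3 selects **Single server** while step 4 picks Version 14, so please confirm that combination is actually offered; and the fence at diff line 88 is tagged `sql` with a `//example` comment although it holds shell commands.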