Skip to Main Content
Skip to Navigation
Accessibility Statement

Pathfinder SSO

Office of the Chief Information Officer

, , ,

The BC Government Pathfinder SSO service, based on the Open Source Keycloak (aka Red Hat SSO) product, provides an industry standard (OIDC) and enterprise-policy compliant means of implementing authentication within applications that are also simple for development teams to provision and utilize.

Development teams are provisioned a set of clients within a multi-tenant instance of Keycloak running in the OpenShift Container Platform (OCP) platform that provide a simple authentication mechanism suitable for web and mobile applications.

Each client exists in one of the “standard” realms based on the needs of the team. Each “standard” realm is configured with a set of centrally managed identity providers (such as BCeID and IDIR).

Development teams are provided with a set of clients (an isolated configuration within Keycloak), corresponding to their deployment environments (dev, test, and prod). Clients come configured out-of-the-box with an appropriate combination of the following identity providers:

  • BC Government IDIR
  • BCeID Business and/or Basic (Personal BCeID is no longer supported)
  • GitHub (in the DEV and TEST environments for rapid prototype testing)

Note: BCeID requires additional steps for SSO implementation. Details will be provided during onboarding.

Note: BC Services Card integration is not available through Pathfinder SSO through the “standard” realms. See BC Services Card Integration on the Pathfinder SSO wiki for explanation and tips.

Why should I use this

Ease of use

Pathfinder SSO is easily integrated into line of business systems. The service is hosted and managed centrally to ensure an efficient, reliable process.

Support community

Pathfinder SSO is a well-known and widely used access management system. Your staff can find simple procedures and guides, as well as answers to their questions, in a dedicated BC government support community.

Identity management

Add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users.

About this component

Price

Free

Service level support

This service is available 24/7 with best efforts support, during business hours only, to restart failed systems and address open issues.

Keycloak SSO support is available through RocketChat.

Requirements and restrictions

This Single Sign-On (SSO) service is offered to BC Government teams who are building cloud native web or mobile applications. Teams wishing to use this service should initially connect with the Pathfinder SSO Team to discuss their needs and ensure alignment prior to making an SSO implementation request.

Getting started

The Keycloak service is offered to BC Government teams who are building cloud native web or mobile applications.

https://github.com/bcgov/ocp-sso/wiki/SSO-Onboarding

Support

Pathfinder SSO support is available: