> ## Documentation Index
> Fetch the complete documentation index at: https://docs.open-metadata.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Implicit flow of Keyclock | Official Documentation

> Configure Keycloak’s Implicit Flow to support secure, frontend-based token issuance for fast browser-based authentication workflows.

# Implicit Flow

### Step 1: Create OpenMetadata as a new Client

* Click on `Clients` in the menu.
* Click on `Create Client` button.
* Select the `Client type`.
* Enter the `Client ID`.
* Enter the Name and Description `(Optional)`.
* Click on `Next` button.

<img src="https://mintcdn.com/openmetadata/4v9U2L_k1HcJVnXe/public/images/deployment/security/keycloak/keycloak-step-3.png?fit=max&auto=format&n=4v9U2L_k1HcJVnXe&q=85&s=42fcd94e9d8f8aae122450d8b488d3b0" alt="add-client" width="2360" height="2022" data-path="public/images/deployment/security/keycloak/keycloak-step-3.png" />

### Step 2: Edit Configs of the client

* Select `Standard flow` and `Implicit flow` as an `Authentication flow`.
* Click `Next`.

<img src="https://mintcdn.com/openmetadata/4v9U2L_k1HcJVnXe/public/images/deployment/security/keycloak/implicit-keycloak-step-4.png?fit=max&auto=format&n=4v9U2L_k1HcJVnXe&q=85&s=df4a2f67defba23833ea49da41ea707a" alt="compatibility configs" width="1782" height="2022" data-path="public/images/deployment/security/keycloak/implicit-keycloak-step-4.png" />

### Step 3: Add Login Settings

* fill the required options

<img src="https://mintcdn.com/openmetadata/4v9U2L_k1HcJVnXe/public/images/deployment/security/keycloak/keycloak-step-5.png?fit=max&auto=format&n=4v9U2L_k1HcJVnXe&q=85&s=49e025c77312a394182b3ac7e2d9600a" alt="edit-settings-url.png" width="2360" height="2022" data-path="public/images/deployment/security/keycloak/keycloak-step-5.png" />

* Click on `Save` button.

<Tip>
  Note: Scopes `openid`, `email` & `profile` are required to fetch the user details so you will have to add these scopes in your client.
</Tip>

After the applying these steps, the users in your realm are able to login in the openmetadata, as a suggestion create a user called "admin-user". Now you can update the configuration of your deployment:

<CardGroup cols={3}>
  <Card title="Docker Security" href="/v2.0.x-SNAPSHOT/deployment/security/keycloak/docker">
    Configure Keycloak SSO for your Docker Deployment.
  </Card>

  <Card title="Bare Metal Security" href="/v2.0.x-SNAPSHOT/deployment/security/keycloak/bare-metal">
    Configure Keycloak SSO for your Bare Metal Deployment.
  </Card>

  <Card title="Kubernetes Security" href="/v2.0.x-SNAPSHOT/deployment/security/keycloak/kubernetes">
    Configure Keycloak SSO for your Kubernetes Deployment.
  </Card>
</CardGroup>

<Tip>
  A dockerized demo for showing how this SSO works with OpenMetadata can be found [here](https://github.com/open-metadata/openmetadata-demo/tree/main/keycloak-sso).
</Tip>

<CardGroup cols={1}>
  <Card title="KeyCloak" href="/v2.0.x-SNAPSHOT/deployment/security/keycloak">
    Go to KeyCloak Configuration
  </Card>
</CardGroup>