Home
MATRIXX Security
OAuth 2.0 Identity and Access Management
MATRIXX supports third-party identity and access management application integration.
Configure the Third-Party Application
After configuring the MATRIXX web apps, you must configure the third-party identity and access control application. This example is specific to Keycloak.

Welcome
MATRIXX Release Notes
MATRIXX Architecture
MATRIXX Installation and Upgrade
MATRIXX Configuration
MATRIXX Security
- About MATRIXX Security
- Introduction to MATRIXX Cloud Native Security
  The information in MATRIXX Security is best-practice information and identifies MATRIXX-specific security considerations and implementations. For container-specific and Kubernetes security information, see the third-party documentation.
- Cloud Native Security
  The information here addresses cloud native security and includes recommendations for securing your cloud native implementation.
- Managing Certificates
  MATRIXX uses certificates signed by a trusted certificate authority, or validated by other means, to establish secure communications with another party with the corresponding private key.
- Enabling Transport Layer Security
  Transport Layer Security (TLS) provides secure internet connections by encrypting data sent between a browser, a website, and the website server to ensure that data is transmitted privately.
- Network Security
  Network zones are stacked with increasing proximity to the open internet or DMZ. Each zone is traversed by ingress and egress points through an application or server, with appropriate authentication and authorization for connecting system traffic.
- Application Security
  Application security includes configuring web applications and gateways.
- Database Security
  Depending on your MATRIXX environment, you can use multiple external databases.
- OAuth 2.0 Identity and Access Management
  MATRIXX supports third-party identity and access management application integration.
  - Configure OAuth 2.0 Access Control
    The procedure for configuring OAuth 2.0 in a cloud native environment is similar for all MATRIXX web apps.
  - Configure the Third-Party Application
    After configuring the MATRIXX web apps, you must configure the third-party identity and access control application. This example is specific to Keycloak.
  - Defining MATRIXX Roles for OAuth 2.0 Authorization
    MATRIXX can integrate with a third-party identity and access management application for role-based access control (RBAC) for My MATRIXX, MATRIXX Backoffice Customer Tool, and RS Gateway.
MATRIXX Integration
MATRIXX Diameter Integration
MATRIXX Call Control Framework Integration
MATRIXX TM Forum Integration
MATRIXX 5G Integration
MATRIXX 5G Event Streaming
MATRIXX Event Streaming
MATRIXX Administration
MATRIXX Web App Administration
MATRIXX Monitoring and Logging
MATRIXX Policy
MATRIXX Kafka CDR Consumer
MATRIXX Pricing and Rating
MATRIXX Pay Now
MATRIXX Subscriber Management
MATRIXX Subscriber Management API
MATRIXX Business API SDK
My MATRIXX Help
MATRIXX Backoffice Customer Tool Help
MATRIXX Third-Party Licenses
Glossary

Configure the Third-Party Application

After configuring the MATRIXX web apps, you must configure the third-party identity and access control application. This example is specific to Keycloak.

Procedure

Create the MATRIXX user roles in the third-party application.
See the discussion about defining MATRIXX roles for OAuth 2.0 authorization for more information.

Configure the third-party application for integration with the MATRIXX web apps.

For example, in Keycloak, configure the client objects matrixx and matrixx-public with the following settings:

Table 1. Keycloak Configuration
Setting	matrixx	matrixx-public
Valid Redirect URIs	*	http://`host`:`port`/matrixxbct/*
Web Origins	N/A	+
Access Type	confidential	public
Client Protocol	openid-connect	openid-connect
Standard Flow Enabled	On	On

Note: The matrixx-public values apply to MATRIXX Backoffice Customer Tool only.

What to do next

Important: In production, the Valid Redirect URIs setting for the matrixx and matrixx-public clients should be restricted to the public home page URLs for My MATRIXX, MATRIXX Backoffice Customer Tool, and RS Gateway. If you get an error indicating that Keycloak configuration was not completed when logging in to the web application, confirm that you have configured the following values for the Keycloak client configured in settings.json:

Valid redirect URIs
Web origins