# Helm values for a Keycloak deployment: sets the public hostname and has
# keycloak-config-cli import Microsoft Entra identity providers into the
# "forte" realm.
# NOTE(review): the source arrived collapsed onto one line; the nesting below
# is reconstructed and assumes keycloakConfigCli owns extraEnvVars and
# configuration (as in the Bitnami Keycloak chart). Confirm against the chart.
ingress:
  hostname: id.forteapps.net
keycloakConfigCli:
  enabled: true
  # The Entra client secret is taken from a Kubernetes Secret rather than
  # written into this values file; only the Secret name and key appear here.
  extraEnvVars:
    - name: MS_IDP_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: microsoft-idp-credentials
          key: MS_IDP_CLIENT_SECRET
  configuration:
    # Realm import document. The body is JSON inside a literal block scalar,
    # so it cannot carry comments; review notes for it are collected here.
    #
    # clientSecret: "$(MS_IDP_CLIENT_SECRET)" is a placeholder, not a value.
    #   Kubernetes does not expand $(VAR) inside file content, so this relies
    #   on keycloak-config-cli's variable-substitution option, which is not
    #   enabled anywhere in the visible values. Confirm it is set elsewhere;
    #   otherwise the literal placeholder text is imported as the secret.
    #
    # identityProviders: two "microsoft" providers share one clientId and
    #   tenantId. "forte-entra" requests only openid/email/profile;
    #   "forte-entra-graph" also requests User.Read and Mail.Send and sets
    #   storeToken, so Keycloak keeps the Entra tokens for users who sign in
    #   through it.
    #
    # trustEmail + identityProviderMappers: trustEmail makes Keycloak skip its
    #   own verification of the address the provider asserts, and each
    #   hardcoded-attribute mapper sets emailVerified to "true" for every user
    #   brokered through that alias. Email ownership is therefore never checked
    #   by Keycloak. This is only sound if the pinned tenant guarantees the
    #   email claim; confirm before any client treats emailVerified as proof
    #   of ownership.
    #
    # syncMode: the providers use IMPORT and the mappers INHERIT, so the
    #   mappers follow the provider setting. Presumably attributes are written
    #   at first login only and not refreshed later; verify if Entra-side
    #   changes need to propagate.
    #
    # roles.realm: adds the broker client's "read-token" role to the
    #   default-roles-forte composite. Assuming this is the realm's default
    #   role, every user receives read-token and can read back stored provider
    #   tokens, which for forte-entra-graph carry the Mail.Send scope. If only
    #   specific users or clients need those tokens, grant read-token to them
    #   explicitly instead.
    #   NOTE(review): check whether the import merges with or replaces the
    #   existing composites of default-roles-forte. Only read-token is listed.
    microsoft-idp.json: |
      {
        "realm": "forte",
        "identityProviders": [
          {
            "alias": "forte-entra",
            "displayName": "Forte Entra",
            "providerId": "microsoft",
            "enabled": true,
            "trustEmail": true,
            "firstBrokerLoginFlowAlias": "first broker login",
            "config": {
              "clientId": "7995d2b5-b798-4caf-8da6-b00b78bb34d7",
              "clientSecret": "$(MS_IDP_CLIENT_SECRET)",
              "defaultScope": "openid email profile",
              "tenantId": "063afd9e-5fcb-48d2-a769-ca31b0f5b443",
              "syncMode": "IMPORT"
            }
          },
          {
            "alias": "forte-entra-graph",
            "displayName": "Forte Entra (Graph)",
            "providerId": "microsoft",
            "enabled": true,
            "storeToken": true,
            "trustEmail": true,
            "firstBrokerLoginFlowAlias": "first broker login",
            "config": {
              "clientId": "7995d2b5-b798-4caf-8da6-b00b78bb34d7",
              "clientSecret": "$(MS_IDP_CLIENT_SECRET)",
              "defaultScope": "openid email profile User.Read Mail.Send",
              "tenantId": "063afd9e-5fcb-48d2-a769-ca31b0f5b443",
              "syncMode": "IMPORT"
            }
          }
        ],
        "identityProviderMappers": [
          {
            "name": "forte-entra-email",
            "identityProviderAlias": "forte-entra",
            "identityProviderMapper": "hardcoded-attribute-idp-mapper",
            "config": {
              "syncMode": "INHERIT",
              "attribute": "emailVerified",
              "attribute.value": "true"
            }
          },
          {
            "name": "forte-entra-graph-email",
            "identityProviderAlias": "forte-entra-graph",
            "identityProviderMapper": "hardcoded-attribute-idp-mapper",
            "config": {
              "syncMode": "INHERIT",
              "attribute": "emailVerified",
              "attribute.value": "true"
            }
          }
        ],
        "roles": {
          "realm": [
            {
              "name": "default-roles-forte",
              "composites": {
                "client": {
                  "broker": ["read-token"]
                }
              }
            }
          ]
        }
      }