Zerto Access Management: Role-Based Access Controls with Keycloak
Implementing Identity and Access Management (IAM) within data protection applications is critical in today’s interconnected digital landscape. IAM serves as the first line of defense, ensuring that only authorized individuals or systems can access sensitive data and resources. By effectively managing user identities, roles, and permissions, IAM enhances security measures, mitigates insider threats, and safeguards against unauthorized access or data breaches.
What is Keycloak?
Keycloak is an open-source IAM solution that provides authentication and authorization services, allowing organizations to securely manage user identities, roles, and permissions. It offers robust features for centralized user authentication, single sign-on (SSO), social login integration, and user federation.
Keycloak supports various authentication protocols such as OpenID Connect and SAML, making it compatible with a wide range of applications and systems such as Okta and Microsoft Active Directory. It is widely used by enterprises, developers, and yes, even Zerto, to streamline identity management processes, enhance security, and ensure regulatory compliance.
Zerto and Keycloak for Role-Based Access Controls
In Zerto, Keycloak was added as the single sign-on and IAM tool for the Zerto Virtual Manager Appliance (ZVMA) (more specifically, version 9.5U1 or higher). With no separate installation, setup, or management required, it replaced the previously utilized vCenter role-based access control (RBAC) used in the Windows Zerto Virtual Manager (ZVM). Through it, Zerto users recognize the benefits of managing access control and are enabled to easily integrate other user federation logins with Keycloak.
Here is what you need to know about Keycloak for Zerto:
- There are five preconfigured roles with accompanying permissions that you can set for your users: admin, builder, user, file-level-restore operator, and viewer.
- Best practice dictates assigning permissions to groups rather than individual users. In doing so, you can easily add and remove users from the group rather than having to change or revoke user permissions.
- You can import users from Microsoft Active Directory into Zerto’s Keycloak using LDAP and/or LDAPS protocols.
- If you have an existing Okta account, that can be integrated into Zerto’s Keycloak using SAML v2.
To learn more about how to use Keycloack with Zerto, visit our help page.