Getting Started

This guide helps you set up the OVES Access Management system from scratch.

Prerequisites

Before starting, ensure you have:

Required Access

  • [ ] Azure subscription with Global Administrator permissions
  • [ ] Domain administrator access for the OVES domain
  • [ ] Server infrastructure for Keycloak deployment
  • [ ] Odoo administrator access

Required Software

  • [ ] PowerShell 5.1+ with Azure modules
  • [ ] Python 3.8+ with required packages
  • [ ] Docker and Docker Compose (for Keycloak)
  • [ ] Git for version control

Quick Setup

1. Clone and Prepare Repository

git clone https://github.com/OVES/oves-access-management.git
cd oves-access-management

# Install documentation tools
pip install -r requirements.txt

# Start documentation server
mkdocs serve

2. Configure Environment

Copy and customize configuration templates:

# Azure AD configuration
cp configs/azure-ad/config.env.template configs/azure-ad/config.env
# Edit with your tenant details

# Keycloak configuration  
cp configs/keycloak/config.env.template configs/keycloak/config.env
# Edit with your server details

3. Set Up Azure AD

Follow the Azure AD Setup Guide:

# Connect to Azure AD (PowerShell cmdlet from the AzureAD module)
Connect-AzureAD

# Run the setup script, replacing YOUR_TENANT_ID with your tenant ID
python scripts/azure_ad_management.py --tenant-id YOUR_TENANT_ID --action setup-groups

4. Deploy Keycloak

# Navigate to Keycloak configs
cd configs/keycloak

# Start Keycloak with Docker Compose
docker-compose up -d

# Verify deployment
curl http://localhost:8080/auth

5. Configure Odoo Integration

See the Odoo Integration Guide for detailed steps.

Environment Setup

Development Environment

# Set up Python virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Install Azure CLI (if not already installed)
# Follow: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli

Production Environment

Security Considerations

  • Use strong passwords for all accounts
  • Enable MFA for all administrative accounts
  • Store secrets in Azure Key Vault
  • Implement network segmentation
  • Run regular security audits and apply updates

Configuration Validation

Use our validation scripts:

# Validate Azure AD configuration
python scripts/validate_azure_ad.py --config configs/azure-ad/config.env

# Validate Keycloak configuration
python scripts/validate_keycloak.py --config configs/keycloak/config.env

Deployment Phases

Phase 1: Foundation (Week 1)

  • [ ] Azure AD tenant configuration
  • [ ] Basic security groups and policies
  • [ ] Key Vault setup
  • [ ] Initial user accounts

Phase 2: Identity Providers (Week 2)

  • [ ] Keycloak deployment and configuration
  • [ ] Realm setup for different user types
  • [ ] External identity provider integration
  • [ ] SSO testing

Phase 3: Application Integration (Week 3)

  • [ ] Odoo SAML/OIDC configuration
  • [ ] User portal setup
  • [ ] Partner and customer portals
  • [ ] End-to-end testing

Phase 4: Monitoring & Production (Week 4)

  • [ ] Audit logging configuration
  • [ ] Monitoring and alerting
  • [ ] Backup procedures
  • [ ] Production deployment
  • [ ] User training and documentation

Validation Checklist

Azure AD Validation

  • [ ] Security defaults enabled
  • [ ] MFA working for all users
  • [ ] Conditional access policies active
  • [ ] Application registrations correct
  • [ ] Key Vault secrets accessible

Keycloak Validation

  • [ ] Realms configured correctly
  • [ ] External identity providers working
  • [ ] SSO flow functional
  • [ ] User registration working
  • [ ] Token validation successful

Odoo Integration Validation

  • [ ] SAML authentication working
  • [ ] OIDC authentication working
  • [ ] User roles mapped correctly
  • [ ] Data separation enforced
  • [ ] Audit logging active

Troubleshooting

Common Issues

Authentication Failures

# Confirm which Azure AD account the Azure CLI is signed in as (this does not show sign-in logs)
az ad signed-in-user show

# Check Keycloak logs
docker logs keycloak-container

Permission Denied Errors

# Verify Azure permissions
az role assignment list --assignee your-user-id

# Check Keycloak user roles
# Use Keycloak admin console

Integration Problems

  • Verify redirect URIs match exactly
  • Check certificate expiration dates
  • Validate network connectivity
  • Review security group memberships
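
For the first item above, an added example (not one of the project's scripts) that compares the redirect URI a client sends against the registered values and reports which component differs. The URIs are constructed samples and the function names are hypothetical.

```python
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample values, not taken from the OVES configuration.
REGISTERED = [
    "https://odoo.example.com/auth_oauth/signin",
    "https://portal.example.com/callback",
]


def explain_mismatch(registered: str, actual: str) -> List[str]:
    """List why `actual` is not a character-for-character match for `registered`."""
    if registered == actual:
        return []
    r, a = urlsplit(registered), urlsplit(actual)
    reasons = []
    if r.scheme != a.scheme:
        reasons.append(f"scheme differs: {r.scheme} vs {a.scheme}")
    if r.netloc != a.netloc:
        if r.netloc.lower() == a.netloc.lower():
            reasons.append("host differs only in letter case")
        elif r.hostname == a.hostname:
            reasons.append(f"port or userinfo differs: {r.netloc} vs {a.netloc}")
        else:
            reasons.append(f"host differs: {r.hostname} vs {a.hostname}")
    if r.path != a.path:
        if r.path.rstrip("/") == a.path.rstrip("/"):
            reasons.append("path differs only by a trailing slash")
        else:
            reasons.append(f"path differs: {r.path} vs {a.path}")
    if r.query != a.query:
        reasons.append("query string differs")
    # Parsing lowercases the scheme and may strip whitespace, so catch what is left.
    return reasons or ["raw strings differ (fragment, scheme case or whitespace)"]


def diagnose(registered_uris: List[str], actual: str) -> Tuple[bool, str, List[str]]:
    """Return (exact_match, closest_registered_uri, reasons_for_mismatch)."""
    if actual in registered_uris:
        return True, actual, []
    closest = min(registered_uris, key=lambda u: len(explain_mismatch(u, actual)))
    return False, closest, explain_mismatch(closest, actual)


if __name__ == "__main__":
    for sent in ("https://odoo.example.com/auth_oauth/signin/",
                 "http://portal.example.com/callback"):
        print(sent, "->", diagnose(REGISTERED, sent))
```

The reasons are diagnostic only: the fix is to make the registered value and the value the application sends identical, not to loosen the comparison.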

Getting Help

  • Documentation: Check our comprehensive guides
  • Issues: Report problems on GitHub
  • Support: Contact IT administration team
  • Emergency: Use documented emergency procedures

Next Steps

After completing setup:

  1. Review Best Practices
  2. Set up Monitoring and Alerting
  3. Train end users on new authentication flows
  4. Schedule regular security reviews

Success Criteria: All validation checks pass, users can authenticate successfully, and audit logging is active.