4.4.17 IDaaS linkage configuration
The following shows the configuration for using IDaaS linkage.
(1) When using an authentication server in your on-premises environment
- Minimal device configuration
The following figure shows a minimal device configuration for building Keycloak authentication servers in an on-premises deployment.
- When using multi-factor authentication with a smartphone
The following figure shows the configuration when using multi-factor authentication (one-time passcode authentication) using a smartphone.
- When using multi-factor authentication via email
If you want to use multi-factor authentication via email (email one-time passcode), you need a mail server so that Keycloak can send email. The following figure shows the configuration when using a mail server.
(2) When using a cloud authentication server
The following figure shows a minimal device configuration for IDaaS linkage using Microsoft Entra ID service.
For Microsoft Entra ID, the redirect URI must use the "https" scheme, so a reverse proxy is required to enable HTTPS access to the management window.
You also need a device, such as a smartphone, that matches the multi-factor authentication settings of your ID provider.