
Initialization

If you use Single Sign On

Creating the organization

In the organisation collection, add the following document:

slug must only contain lowercase letters and numbers.

{
  "slug": "<tag>",
  "id": "<random uuid>",
  "name": "<COMPANY Name>",
  "engine": {},
  "users": []
}

Authentication

Configure authentication through your OpenID Connect SSO provider (for example, Keycloak). To do so, add your provider's OIDC SSO parameters to the database.

In the ssoProvider collection, add the following document, replacing the properties with the appropriate values:

Note: users who belong to the group declared in requiredGroup in your SSO provider are automatically added to the organization targeted by organizationId when they log in.

Users who do not have the requiredGroup group cannot log in (updated at login through the SSO provider).

Users who belong to the adminGroup group in the SSO provider are assigned the administrator role in the Breign application (updated at login through the SSO).

{
  "issuer": "https://your-keycloak.breign.example/realms/master",
  "oidcConfig": "{\"issuer\":\"https://your-keycloak.breign.example/realms/master\",\"clientId\":\"<clientId>\",\"clientSecret\":\"<clientSecret>\",\"authorizationEndpoint\":\"https://your-keycloak.breign.example/realms/master/protocol/openid-connect/auth\",\"tokenEndpoint\":\"https://your-keycloak.breign.example/realms/master/protocol/openid-connect/token\",\"jwksEndpoint\":\"https://your-keycloak.breign.example/realms/master/protocol/openid-connect/certs\",\"pkce\":true,\"discoveryEndpoint\":\"https://your-keycloak.breign.example/realms/master/.well-known/openid-configuration\",\"mapping\":{\"id\":\"sub\",\"email\":\"email\",\"emailVerified\":\"email_verified\",\"name\":\"name\",\"extraFields\":{\"groups\":\"groups\"}},\"scopes\":[\"openid\",\"email\",\"profile\",\"groups\"],\"overrideUserInfo\":false}",
  "samlConfig": null,
  "providerId": "keycloak-breign",
  "domain": "your-keycloak.breign.example",
  "customRules": {
    "adminGroup": "/Breign-Admins",
    "requiredGroup": "/Breign",
    "organizationId": "<organization UUID>"
  }
}

db.collection('ssoProvider').insertOne({
  "issuer": "https://your-keycloak.breign.example/realms/master",
  "oidcConfig": "{\"issuer\":\"https://your-keycloak.breign.example/realms/master\",\"clientId\":\"<clientId>\",\"clientSecret\":\"<clientSecret>\",\"authorizationEndpoint\":\"https://your-keycloak.breign.example/realms/master/protocol/openid-connect/auth\",\"tokenEndpoint\":\"https://your-keycloak.breign.example/realms/master/protocol/openid-connect/token\",\"jwksEndpoint\":\"https://your-keycloak.breign.example/realms/master/protocol/openid-connect/certs\",\"pkce\":true,\"discoveryEndpoint\":\"https://your-keycloak.breign.example/realms/master/.well-known/openid-configuration\",\"mapping\":{\"id\":\"sub\",\"email\":\"email\",\"emailVerified\":\"email_verified\",\"name\":\"name\",\"extraFields\":{\"groups\":\"groups\"}},\"scopes\":[\"openid\",\"email\",\"profile\",\"groups\"],\"overrideUserInfo\":false}",
  "samlConfig": null,
  "providerId": "keycloak-breign",
  "domain": "your-keycloak.breign.example",
  "customRules": {
    "adminGroup": "/Breign-Admins",
    "requiredGroup": "/Breign",
    "organizationId": "<organization UUID>"
  }
});
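
A pre-insert check for the ssoProvider document above, as an added example that is not part of the Breign documentation or code base. The names lintSsoProvider and sampleDoc are hypothetical; the check assumes, as in the Keycloak sample, that every endpoint sits under the issuer URL and that the group rules depend on the groups scope and its mapping.

```javascript
// Added example (not Breign code): lint an ssoProvider document before inserting it.
const ENDPOINTS = ["authorizationEndpoint", "tokenEndpoint", "jwksEndpoint", "discoveryEndpoint"];
const UUID_RE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
const unset = (v) => typeof v !== "string" || v === "" || /^<.*>$/.test(v); // e.g. "<clientId>"

function lintSsoProvider(doc) {
  let oidc;
  try { // on this page oidcConfig is a JSON *string*, not a nested object
    oidc = typeof doc.oidcConfig === "string" ? JSON.parse(doc.oidcConfig) : null;
    if (oidc === null || typeof oidc !== "object") throw new TypeError("not an object");
  } catch {
    return ["oidcConfig must be a string containing a JSON object"];
  }
  const out = [];
  if (oidc.issuer !== doc.issuer) out.push("oidcConfig.issuer differs from issuer");
  for (const key of ENDPOINTS) {
    const url = String(oidc[key] ?? "");
    // Assumption: as in the Keycloak sample, every endpoint sits under the issuer URL.
    if (!url.startsWith("https://")) out.push(`${key} is not https`);
    else if (!url.startsWith(`${doc.issuer}/`)) out.push(`${key} is outside the issuer`);
  }
  if (oidc.pkce !== true) out.push("pkce is not enabled");
  for (const key of ["clientId", "clientSecret"])
    if (unset(oidc[key])) out.push(`${key} is unset`);
  const scopes = Array.isArray(oidc.scopes) ? oidc.scopes : [];
  if (!scopes.includes("openid")) out.push("scopes lacks openid");
  // Assumption: requiredGroup/adminGroup are matched against the claim mapped in extraFields.groups.
  if (!scopes.includes("groups") || !oidc.mapping?.extraFields?.groups)
    out.push("groups claim not requested or not mapped");
  const rules = doc.customRules ?? {};
  for (const key of ["requiredGroup", "adminGroup"])
    if (unset(rules[key])) out.push(`customRules.${key} is unset`);
  if (!unset(rules.adminGroup) && rules.adminGroup === rules.requiredGroup)
    out.push("adminGroup equals requiredGroup: every user who can log in becomes admin");
  if (!UUID_RE.test(String(rules.organizationId))) out.push("customRules.organizationId is not a UUID");
  return out;
}

// Constructed sample mirroring the page's document; client id, secret and UUID are made-up values.
function sampleDoc(oidcOverrides = {}, rules = {}) {
  const issuer = "https://your-keycloak.breign.example/realms/master";
  const oidc = { issuer, clientId: "breign", clientSecret: "constructed-secret", pkce: true,
    authorizationEndpoint: `${issuer}/protocol/openid-connect/auth`,
    tokenEndpoint: `${issuer}/protocol/openid-connect/token`,
    jwksEndpoint: `${issuer}/protocol/openid-connect/certs`,
    discoveryEndpoint: `${issuer}/.well-known/openid-configuration`,
    mapping: { id: "sub", email: "email", extraFields: { groups: "groups" } },
    scopes: ["openid", "email", "profile", "groups"], ...oidcOverrides };
  return { issuer, oidcConfig: JSON.stringify(oidc), customRules: { adminGroup: "/Breign-Admins",
    requiredGroup: "/Breign", organizationId: "123e4567-e89b-12d3-a456-426614174000", ...rules } };
}
```

An empty array from lintSsoProvider(doc) means no finding; run it on the document with your real values before calling insertOne.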

The Keycloak client must allow redirects to the following URLs:

  • https://breign-api.breign.example/rp/auth/* (auth route for the Breign API, Relying Party for other applications).
  • https://breign-app.breign.example/api/auth/* (auth route for the Breign APP).

In the Breign APP application, set the NEXT_PUBLIC_SSO_PROVIDER_ID environment variable to the ID of the SSO provider you added (keycloak-breign).

If you do not use Single Sign On

Creating the first admin

Insert your first admin user into your database. This user will be able to log in to the platform, create the first organization, and invite other admins and users.

In the users collection, insert the following document:

{
  "user": {
    "email": "admin.name@company.eu",
    "name": "Admin Name"
  },
  "isAdmin": true,
  "id": "<random UUID>",
  "apiKeys": [],
  "createdAt": "2026-01-01"
}

Log in as admin

Go to the admin dashboard on the Breign App Superadmin page, https://app.company.eu/superadmin, and log in with the email address of the admin user you just created.

By default, sign-in is supported via one-time codes sent by email (depending on your license, you may also have access to other authentication methods such as SSO, password-based authentication, etc.).

Create the first organization

In the superadmin dashboard, create a new organization.