The Portal
The Portal (uaagi_dealership_portal) is the SSO-authenticated front door to the UAAGI Uno platform. It runs on a dedicated Odoo 18 instance at portal.uaagi-uno.com and does exactly two jobs:
- Authenticate the user once through Keycloak.
- Show them every dealership Odoo instance they're allowed to access — and hand them off there without asking them to log in again.
It is a thin layer, but it's the layer that makes "one UAAGI identity across many Odoo instances" feel like a single product instead of a folder full of bookmarks.
The two faces
This module ships two distinct user experiences out of the same installed app:
| Face | Who it's for | Where it lives |
|---|---|---|
| End-user experience | Employees logging in from a browser — BPO agents, dealership staff, managers | The public-facing page at portal.uaagi-uno.com/dealership/portal |
| Administration | System administrators provisioning dealerships, brands, and user access | The Odoo backend — UAAGI Portal top-level menu |
An end user never sees the Odoo backend. An administrator sees both: they configure in the backend, then the end-user page renders from that configuration automatically.
Architecture
┌─────────────────────┐
│ Keycloak SSO │
│ sso.uaagi-uno.com │
└──────────┬───────────┘
│
▼
┌─────────────────────┐
│ The Portal │
│ portal.uaagi-uno.com │
│ │
│ • Region-grouped │
│ dealership picker │
│ • Per-user access │
│ filtered by │
│ Keycloak claims │
└──────────┬───────────┘
│ user clicks a card
▼
┌───────────────────┼───────────────────┐
│ │ │
┌───────▼────────┐ ┌────────▼───────┐ ┌─────────▼──────┐
│ makati. │ │ cebu. │ │ davao. │
│ uaagi-uno.com │ │ uaagi-uno.com │ │ uaagi-uno.com │
│ (Dealer CRM) │ │ (Dealer CRM) │ │ (Dealer CRM) │
└────────────────┘ └────────────────┘ └────────────────┘
When the user clicks a dealership card, the Portal redirects to https://<subdomain>.uaagi-uno.com/web/login?oauth=1. Because the user already has an active Keycloak session, the dealership instance auto-authenticates and drops them straight into the backend.
What flips this instance into "portal mode"
A single system parameter determines whether an Odoo instance behaves as the Portal or as a regular dealership backend:
| Key | Value on Portal | Value on dealership instances |
|---|---|---|
uaagi.is_portal_instance | True | False or unset |
When True:
/web/loginauto-redirects non-admin users to Keycloak (no manual login button).- After OAuth sign-in, non-admin users land on
/dealership/portalinstead of/web. - Non-admin users navigating to
/webare bounced back to the portal selector. - Administrators can still log in directly via
/web/login?direct=1to reach the backend.
Data model at a glance
The Portal introduces three records that together drive everything the end user sees:
| Model | Purpose |
|---|---|
uaagi.brand | A car brand (FOTON, Chery, Jetour, BAIC, Lynk & Co, RADAR). Carries a logo, color, and vehicle type. |
uaagi.dealership | A dealership location. Links to one subdomain, one Keycloak client, and many brands. |
res.users (extended) | Adds allowed_dealership_ids, primary_dealership_id, UAAGI employee ID, region, and department. |
Keycloak is the source of truth for who can access what — the allowed_dealerships claim on the OAuth token maps onto res.users.allowed_dealership_ids on every sign-in.
Guides
End-user experience
- End-user experience — the full sign-in → selector → dealership handoff → logout flow, with screenshots.
Administration
- Dealerships — create and maintain the dealership records that become cards on the portal.
- Brands — manage the brand catalog shown on dealership cards and the top banner.
- User dealership access — assign dealerships to users, set primary dealership, and review Keycloak sync state.
- OAuth provider — the extended
auth.oauth.providerform used to wire the Portal instance to Keycloak. - Security groups — Portal User, Portal Manager, and System Administrator.