...

Note

You need Azure Admin permission to complete this integration.

Azure app configuration

Create new Azure app

Create a new App registration in portal.azure.com, selecting support for Multiple organizations when asked.

...

Give your application a name and write down the Application (client) ID, as you will need it later.

...

Configure a new secret

Next, go to your App registration's Certificates & secrets and create a New client secret. Copy the Value of your secret to your notes so you have it for later use.

...

Adding Keycloak IdP

In Keycloak, select the gv realm, then create a new Identity Provider (IdP) by selecting Microsoft from the drop-down list:

...

Populate Client ID (this is the Application (client) ID in Azure) and Client Secret (this is the Value from Azure) using the values obtained in the previous steps.

...

Finally, copy the Redirect URI from Keycloak:

...

and add it as a Redirect URI in the Azure app:

...

Info

If you do not want everyone to be able to connect using SSO, you can restrict the app to a certain group of users.

https://learn.microsoft.com/en-us/entra/identity-platform/howto-restrict-your-app-to-a-set-of-users
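The values configured above can be cross-checked before testing. The following is an added example, not part of the original page or of either product: it compares the Azure app settings with the values entered in Keycloak and flags the usual mismatches. The dictionary field names follow the Microsoft Graph application object and Keycloak's identity provider representation; the host name, alias, IDs, secrets and the broker path layout are assumptions or constructed values.

```python
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def broker_redirect_uri(base, realm, alias):
    # Assumed Keycloak broker endpoint layout; confirm against the Redirect URI field.
    return f"{base.rstrip('/')}/realms/{realm}/broker/{alias}/endpoint"

def check_integration(azure_app, idp, base, realm="gv"):
    """Return a list of mismatches between the Azure app and the Keycloak IdP."""
    problems = []
    cfg = idp.get("config", {})
    client_id, secret = cfg.get("clientId", ""), cfg.get("clientSecret", "")
    if idp.get("providerId") != "microsoft":
        problems.append("IdP was not created from the Microsoft provider")
    if azure_app.get("signInAudience") != "AzureADMultipleOrgs":
        problems.append("Azure app is not set to Multiple organizations")
    if not GUID.match(client_id):
        problems.append("Client ID is not a GUID")
    elif client_id.lower() != azure_app.get("appId", "").lower():
        problems.append("Client ID differs from Application (client) ID")
    if not secret:
        problems.append("Client Secret is empty")
    elif GUID.match(secret):
        # Heuristic: the Secret ID is a GUID, the secret Value is not.
        problems.append("Client Secret looks like the Secret ID, not the Value")
    expected = broker_redirect_uri(base, realm, idp.get("alias", ""))
    if expected not in azure_app.get("web", {}).get("redirectUris", []):
        problems.append("Redirect URI missing in Azure: " + expected)
    return problems

# Constructed sample values (not real identifiers or secrets).
BASE = "https://keycloak.example.test"
AZURE_APP = {
    "appId": "11111111-2222-3333-4444-555555555555",
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [BASE + "/realms/gv/broker/microsoft/endpoint"]},
}
GOOD_IDP = {"alias": "microsoft", "providerId": "microsoft", "config": {
    "clientId": "11111111-2222-3333-4444-555555555555",
    "clientSecret": "constructed-secret-value-not-a-guid"}}
# Same IdP with the Secret ID pasted instead of the Value, under a different alias.
BAD_IDP = {"alias": "azure", "providerId": "microsoft", "config": {
    "clientId": "11111111-2222-3333-4444-555555555555",
    "clientSecret": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}}

if __name__ == "__main__":
    for name, idp in (("good", GOOD_IDP), ("bad", BAD_IDP)):
        print(name, check_integration(AZURE_APP, idp, BASE) or "OK")
```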

Test the functionality

Open a new Incognito window in a browser and go to https://{$your_ip_or_URL}/ui

...

Note

The last step is important: you need to allow “Consent on behalf of your organization” before clicking [Accept].

If you don’t, you will need to recreate the app from scratch.

This is what a failed attempt looks like:

[Image: image-20240611-213058.png]

That is why it is recommended to test this in Incognito mode.

...

This should result in the Dashboard window being loaded:

...