...
Adding Keycloak IdP
In Keycloak, select the gv realm, then create a new identity provider (IdP) by selecting Microsoft from the drop-down list:
...
Populate Client ID (the Application (client) ID in Azure) and Client Secret (the secret's Value in Azure) using the values obtained in the previous steps.
...
Finally, copy the Redirect URI from Keycloak:
...
and add it as the Redirect URI link in the Azure app:
...
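The redirect URI that Keycloak sends must match a value registered in the Azure app exactly, so it is worth comparing the two before testing. The check below is an added example, not part of the original guide or the product; the host name `gv.example.test`, the IdP alias `microsoft` and the function name are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample values (not from the guide): the URI copied from Keycloak
# and the redirect URIs currently listed in the Azure app registration.
SAMPLE_KEYCLOAK_URI = "https://gv.example.test/realms/gv/broker/microsoft/endpoint"
SAMPLE_AZURE_URIS = ["https://gv.example.test/realms/gv/broker/microsoft/endpoint/"]


def check_redirect_uri(keycloak_uri, azure_uris, realm="gv"):
    """Return a list of problems; an empty list means the two sides agree."""
    problems = []
    url = urlsplit(keycloak_uri)

    # Keycloak broker callbacks end in /realms/<realm>/broker/<alias>/endpoint
    # (older releases put /auth in front, so only the last five segments count).
    parts = [p for p in url.path.split("/") if p]
    if (len(parts) < 5 or parts[-5] != "realms"
            or parts[-3] != "broker" or parts[-1] != "endpoint"):
        problems.append("not a Keycloak broker endpoint path")
    elif parts[-4] != realm:
        problems.append(f"URI belongs to realm {parts[-4]!r}, expected {realm!r}")

    # Entra ID accepts plain http only for localhost redirect URIs.
    if url.scheme != "https" and url.hostname not in ("localhost", "127.0.0.1"):
        problems.append("scheme is not https")

    # Matching is exact: a trailing slash or a case change is a different URI.
    if keycloak_uri not in azure_uris:
        near = [a for a in azure_uris
                if a.rstrip("/").lower() == keycloak_uri.rstrip("/").lower()]
        if near:
            problems.append(
                f"registered value differs only by case or trailing slash: {near[0]}")
        else:
            problems.append("URI is not registered in the Azure app")
    return problems


if __name__ == "__main__":
    for problem in check_redirect_uri(SAMPLE_KEYCLOAK_URI, SAMPLE_AZURE_URIS):
        print("PROBLEM:", problem)
```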
Info |
---|
If you do not want everyone to be able to connect using SSO, you can restrict the app to a certain group of users: https://learn.microsoft.com/en-us/entra/identity-platform/howto-restrict-your-app-to-a-set-of-users |
Test the functionality
Open a new Incognito window in a browser and go to https://{$your_ip_or_URL}/ui
...
Note |
---|
The last step is important: you need to allow “Consent on behalf of your organization” before clicking [Accept]. If you don’t, you will need to recreate the app from scratch. This is what a failed attempt looks like: That is why it is recommended to test this in Incognito mode. |
...
This should result in the Dashboard window being loaded:
...