SSO Integration with Keycloak (Enterprise)

🔐 Azure AD Integration with OL-Hub

This guide will walk you through integrating Azure Active Directory (Azure AD) with your existing Keycloak instance to enable secure SSO (Single Sign-On) for OL-Hub users.

🕒 Estimated time: 2–5 minutes


🧭 Prerequisites

  • Access to Keycloak with admin rights
  • Azure AD tenant admin permissions
  • Your OL-Hub instance up and running

🔧 Step 1: Configure Keycloak Identity Provider

  1. Log in to your Keycloak admin console.
  2. Switch to the ol-hub realm.
  3. Go to Configure > Identity Providers.
  4. Click Add provider and choose OpenID Connect v1.0.
  5. Copy the Redirect URI that appears – you'll need it later.
  6. Fill in the following fields:
    • Alias / Display Name: AzureAD (or your preferred name)
    • Enable Use discovery endpoint
    • Paste this into the Discovery Endpoint field:
      https://login.microsoftonline.com/{your_tenant_id}/v2.0/.well-known/openid-configuration
    • This will auto-fill the required OpenID Connect settings.

☁️ Step 2: Set Up Azure AD Application

  1. Open the Azure AD Admin Center.
  2. Navigate to Manage > App registrations.
  3. Click + New registration.
  4. Under "Supported account types", select:
    Accounts in this organizational directory only
  5. In the Redirect URI, paste the URI you copied from Keycloak (Step 1, item 5).
  6. Click Register.
  7. In the Overview page:
    • Copy the Application (client) ID.

🔑 Step 3: Connect Azure AD to Keycloak

  1. Go back to Keycloak and paste the Client ID into the Client ID field.
  2. In Azure AD, go to Certificates & Secrets.
  3. Click + New client secret, name it, and click Add.
  4. Copy the newly created secret and paste it into the Client Secret field in Keycloak.
  5. Open the Advanced section in Keycloak and set the Default Scopes to:

🧬 Step 4: Configure Attribute Mappers

In the Mappers tab in Keycloak, configure the following attributes:

  Mapper Name   Type                 Claim   User Attribute Name   User Attribute Value
  -----------   -------------------  -----   -------------------   ------------------------------------
  ol-fullname   Attribute Importer   name    ol-fullname
  ol-tenantId   Hardcoded Attribute  name    ol-tenantId           4a6bfc5d-3bae-45a3-99b9-d1e255875adb
  ol-company    Hardcoded Attribute  name    ol-company            {your company name}
  ol-role       Hardcoded Attribute  name    ol-role               member

⚠️ Note: Dynamic mapping of claims such as email, company, or role from Azure AD is under investigation.
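The same configuration from Steps 1, 3 and 4, applied through the Keycloak Admin REST API instead of the console, as an added example that is not part of this guide or of the Keycloak or OL-Hub projects. It assumes the environment variables KC_URL, KC_TOKEN (an admin bearer token), AZ_TENANT, AZ_CLIENT_ID, AZ_CLIENT_SECRET, KC_DEFAULT_SCOPE (the Step 3 value) and OL_COMPANY, and that the Keycloak mapper ids oidc-user-attribute-idp-mapper and hardcoded-attribute-idp-mapper correspond to "Attribute Importer" and "Hardcoded Attribute". Before anything is written, it checks that the discovery document's issuer belongs to the tenant id you supplied, which catches a mistyped tenant or the non-tenant-specific endpoint early.

```python
import json, os, urllib.request

DISCOVERY = "https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration"
TENANT_ATTR = "4a6bfc5d-3bae-45a3-99b9-d1e255875adb"  # ol-tenantId value from Step 4
ALIAS, REALM = "AzureAD", "ol-hub"

def idp_payload(tenant_id, client_id, client_secret, discovery, default_scope):
    """IdentityProviderRepresentation for the OIDC provider. Endpoints come from the
    discovery document; the issuer must name the same tenant we were given."""
    expected = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    if discovery["issuer"] != expected:
        raise ValueError(f"issuer {discovery['issuer']!r} is not tenant {tenant_id}")
    return {"alias": ALIAS, "displayName": ALIAS, "providerId": "oidc", "enabled": True,
            "config": {"clientId": client_id, "clientSecret": client_secret,
                       "issuer": discovery["issuer"],
                       "authorizationUrl": discovery["authorization_endpoint"],
                       "tokenUrl": discovery["token_endpoint"],
                       "jwksUrl": discovery["jwks_uri"],
                       "useJwksUrl": "true", "validateSignature": "true",
                       "defaultScope": default_scope}}  # Step 3 value, passed in

def mapper_payloads(company):
    """The four Step 4 mappers as IdentityProviderMapperRepresentation objects."""
    def importer(name, claim):  # "Attribute Importer": copy an ID-token claim
        return {"name": name, "identityProviderAlias": ALIAS,
                "identityProviderMapper": "oidc-user-attribute-idp-mapper",
                "config": {"claim": claim, "user.attribute": name, "syncMode": "INHERIT"}}
    def hardcoded(name, value):  # "Hardcoded Attribute": fixed value for every user
        return {"name": name, "identityProviderAlias": ALIAS,
                "identityProviderMapper": "hardcoded-attribute-idp-mapper",
                "config": {"attribute": name, "attribute.value": value, "syncMode": "INHERIT"}}
    return [importer("ol-fullname", "name"), hardcoded("ol-tenantId", TENANT_ATTR),
            hardcoded("ol-company", company), hardcoded("ol-role", "member")]

def post(base, token, path, payload):
    """POST one representation to the admin API; Keycloak answers 201 on creation."""
    req = urllib.request.Request(f"{base}/admin/realms/{REALM}/{path}", method="POST",
                                 data=json.dumps(payload).encode(),
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as r:
        return r.status

def main():
    e = os.environ  # secret and token stay in the environment, never in the script
    with urllib.request.urlopen(DISCOVERY.format(tenant=e["AZ_TENANT"])) as r:
        disc = json.load(r)
    post(e["KC_URL"], e["KC_TOKEN"], "identity-provider/instances",
         idp_payload(e["AZ_TENANT"], e["AZ_CLIENT_ID"], e["AZ_CLIENT_SECRET"], disc, e["KC_DEFAULT_SCOPE"]))
    for m in mapper_payloads(e["OL_COMPANY"]):
        post(e["KC_URL"], e["KC_TOKEN"], f"identity-provider/instances/{ALIAS}/mappers", m)

if __name__ == "__main__":
    main()
```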


✅ Final Steps

  1. Save your configuration in Keycloak.
  2. Navigate to your OL-Hub instance.
  3. You should now see an AzureAD login button on the login page.

🔁 First Login Experience

  • Clicking AzureAD will redirect you to the Azure AD login screen.
  • After logging in, Keycloak may prompt you to set up your initial profile.
  • You’ll be redirected back to OL-Hub.

🧠 On first login, OL-Hub may ask you to provide a license key. If a license was already provided earlier, simply refresh the page.


🎉 You're All Set!

Azure AD SSO is now integrated with OL-Hub. Users can log in securely using their organizational credentials.