Using Azure AD as Identity Provider
- In the Keycloak config page, select Identity Providers from left hand panel and choose OpenID Connect v1.0
- Give an Alias name (E.g. azuread)
- Give a Display Name (E.g. Azure AD)
- Copy the Redirect URI shown on this page; it is needed for the Azure AD registration below and for use in Synergy SKY Management Suite
Register Application in Azure AD
- Go to aad.portal.azure.com and log in
- Select App Registrations and then click New Registration
- Give the application a Name (E.g. Keycloak Demo)
- Select the Supported account types (E.g. Single Tenant)
- Select Web for the Redirect URI and paste the link copied from the Keycloak configuration page
- Click on Register
- On the next screen, click Endpoints and copy the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) into the corresponding fields in Keycloak
- Close the Endpoints window and copy the Application (client) ID into the Client ID field in Keycloak, setting the Client Authentication method to Client secret sent as post
- A Client Secret is now required.
- In Azure AD, select Certificates & secrets and then click New client secret
- Add a Description (E.g. Keycloak Secret), set the Expires timeframe (N.B. note this date, as the secret must be renewed before it expires) and then click Add
- Copy the Value of the secret as soon as it is created; the portal does not display it again later
- Paste the secret into the Client Secret field of the Keycloak configuration, add the Default Scopes (E.g. openid profile email) and then click Save at the bottom of the page.
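The same identity provider expressed as the JSON Keycloak stores, with a check for the settings that most often go wrong. This is an added example, not part of the original guide or of Keycloak or Synergy SKY; the tenant and client values are constructed placeholders, and the `validateSignature`, `useJwksUrl`, `jwksUrl` and `issuer` keys go beyond the steps above so that Keycloak verifies the signature on Azure AD ID tokens instead of trusting them as received.

```python
from urllib.parse import urlparse

# Constructed placeholders; replace with the tenant ID, Application (client) ID and secret Value from Azure AD.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
LOGIN_HOST = "login.microsoftonline.com"

def build_azuread_idp(tenant_id, client_id, client_secret, alias="azuread"):
    """Keycloak IdentityProviderRepresentation for the v2 endpoints, plus JWKS/issuer so ID tokens are verified."""
    base = f"https://{LOGIN_HOST}/{tenant_id}"
    return {
        "alias": alias,
        "displayName": "Azure AD",
        "providerId": "oidc",
        "enabled": True,
        "config": {
            "authorizationUrl": f"{base}/oauth2/v2.0/authorize",
            "tokenUrl": f"{base}/oauth2/v2.0/token",
            "clientId": client_id,
            "clientSecret": client_secret,
            "clientAuthMethod": "client_secret_post",
            "defaultScope": "openid profile email",
            "validateSignature": "true",
            "useJwksUrl": "true",
            "jwksUrl": f"{base}/discovery/v2.0/keys",
            "issuer": f"{base}/v2.0",
        },
    }

def lint_idp_config(idp):
    """Problems a reviewer would flag before clicking Save on this IdP in Keycloak."""
    cfg = idp.get("config", {})
    problems = []
    for key in ("authorizationUrl", "tokenUrl"):
        parsed = urlparse(cfg.get(key, ""))
        if parsed.scheme != "https" or parsed.netloc != LOGIN_HOST:
            problems.append(f"{key} is not an https {LOGIN_HOST} endpoint")
        elif "/oauth2/v2.0/" not in parsed.path:
            problems.append(f"{key} is not a v2 endpoint")
    # The first path segment of each endpoint is the tenant; both endpoints must name the same one.
    tenants = [urlparse(cfg.get(k, "")).path.split("/")[:2] for k in ("authorizationUrl", "tokenUrl")]
    if tenants[0] != tenants[1]:
        problems.append("authorizationUrl and tokenUrl point at different tenants")
    if cfg.get("clientAuthMethod") != "client_secret_post":
        problems.append("clientAuthMethod should be client_secret_post")
    if not cfg.get("clientSecret"):
        problems.append("clientSecret is empty")
    if "openid" not in cfg.get("defaultScope", "").split():
        problems.append("defaultScope must include openid")
    if cfg.get("validateSignature") != "true":
        problems.append("validateSignature is off, so ID tokens are not verified")
    return problems
```

The returned dictionary, written to a file, can be imported into a realm with `kcadm.sh create identity-provider/instances -r <realm> -f azuread-idp.json` instead of filling in the form by hand.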