
Example: Setting up Single Sign-On (SSO) from Microsoft Azure AD to Shakudo Keycloak

This guide provides detailed instructions on how to configure Single Sign-On (SSO) using Microsoft as an identity provider (IdP) for Shakudo Keycloak.

Introduction

Single Sign-On allows users to authenticate once and gain access to multiple applications without logging in separately. Integrating Microsoft with Shakudo Keycloak can enhance the user experience by letting users authenticate with their Microsoft accounts.

Prerequisites

  • Access to a Microsoft account
  • Admin access to your Shakudo Keycloak instance

Step 1: Configuring Shakudo Keycloak

  1. Log into your Shakudo Keycloak admin console.
  2. Select the appropriate realm.
  3. Navigate to Identity Providers and select Microsoft from the list.
  4. Copy the redirect URI; you will need it in the next step.

Step 2: Setting up a Microsoft Project

  1. Go to the Azure Portal.
  2. Select or create a new Azure AD application.
  3. Enable the Microsoft Graph API and OAuth Consent Screen.

Step 3: Configuring the OAuth Consent Screen

  1. In the Azure Portal, navigate to the OAuth Consent Screen tab.
  2. Select the user type (External/Internal) and provide required information like App name, email, etc.
  3. Save and move to the next step.

Step 4: Setting up Credentials

  1. Under the Certificates & Secrets tab, click on New client secret.
  2. Register the application type (Web Application).
  3. Enter your Authorized redirect URIs:
    • Obtain this from your Shakudo Keycloak setup panel. Typically, it looks like https://<keycloak-domain>/auth/realms/<realm-name>/broker/Microsoft/endpoint.
  4. Click Create to obtain the client ID and client secret.

Step 5: Configuring Shakudo Keycloak

  1. Enter the client ID and secret obtained from the Azure Portal.
  2. (Optional) If you wish to allow multi-tenant login, leave the Tenant ID field empty.
  3. Save your settings.

Step 6: Testing the Setup

  1. Navigate to the Login page provided by Shakudo Keycloak.
  2. Choose Sign in with Microsoft.
  3. Follow the prompts to authenticate via Microsoft.
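
The redirect URI copied in Step 1 has to be the one registered in Step 4. The following added example (not part of the original guide) builds the expected broker endpoint in the format shown in Step 4 and audits a list of registered redirect URIs for plain HTTP, wildcards, and host or path mismatches. The function names, the host keycloak.example.test, the realm demo and the sample list are constructed for illustration, and the audit assumes the comparison must be exact and case-sensitive.

```python
from urllib.parse import urlsplit

def expected_redirect_uri(keycloak_base, realm, alias):
    """Build the broker endpoint in the format shown in Step 4."""
    return f"{keycloak_base.rstrip('/')}/realms/{realm}/broker/{alias}/endpoint"

def audit_redirect_uris(registered, expected):
    """Map each registered URI to a list of findings (empty list = OK)."""
    exp = urlsplit(expected)
    report = {}
    for uri in registered:
        u = urlsplit(uri)
        findings = []
        if u.scheme != "https":
            findings.append("not https")
        if "*" in uri:
            findings.append("wildcard")
        if u.query or u.fragment:
            findings.append("query or fragment present")
        if u.netloc.lower() != exp.netloc.lower():
            findings.append("host differs from Keycloak")
        elif u.path != exp.path:
            # Treated as a mismatch on the assumption that comparison is exact.
            same = u.path.lower() == exp.path.lower()
            findings.append("path differs only by case" if same
                            else "path is not the broker endpoint")
        report[uri] = findings
    return report

def ready_for_login(registered, expected):
    """True only if the expected URI is registered and no entry is flagged."""
    report = audit_redirect_uris(registered, expected)
    return expected in report and not any(report.values())

# Constructed sample values: host, realm and the registered list are made up.
EXPECTED = expected_redirect_uri("https://keycloak.example.test/auth", "demo", "Microsoft")
SAMPLE_REGISTERED = [
    "https://keycloak.example.test/auth/realms/demo/broker/Microsoft/endpoint",
    "http://keycloak.example.test/auth/realms/demo/broker/Microsoft/endpoint",
    "https://keycloak.example.test/auth/realms/demo/broker/microsoft/endpoint",
    "https://*.example.test/auth/realms/demo/broker/Microsoft/endpoint",
]

if __name__ == "__main__":
    for uri, findings in audit_redirect_uris(SAMPLE_REGISTERED, EXPECTED).items():
        print("OK  " if not findings else "FLAG", uri, "; ".join(findings))
```

Replace the sample list with the redirect URIs shown in your own app registration and pass your Keycloak base URL, realm and provider alias to `expected_redirect_uri`.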

Conclusion

Congratulations! You've successfully configured SSO from Microsoft to Shakudo Keycloak. Your users can now authenticate using their Microsoft accounts to access the applications managed by your Shakudo Keycloak instance.