User Federation Configuration (optional)
Which authentication backend a customer uses differs per use case. Below is guidance on configuring a User Federation provider in Keycloak that reads users from an LDAP directory (Active Directory in this example).
Steps
- Click the User Federation item in the left-hand menu; this loads the list of configured user federation providers.
- Click Edit (or the name link) on the entry labeled ldap to open the LDAP (Lightweight Directory Access Protocol) configuration.
- Update the Connection URL field to the address of the LDAP server that hosts the Active Directory. Use an ldaps:// URL (or enable StartTLS) so that the bind credential and user passwords do not cross the network in clear text.
- Update the Users DN field (see the image above) to the full DN of the LDAP subtree that contains your users.
- Click the Test connection button to verify that the Keycloak instance can reach the LDAP server address. This should succeed within seconds; if it hangs, the LDAP server (or a firewall in between) is probably not allowing traffic from the Keycloak server's address, or you may need to use the public IP address of the LDAP server.
- Update the Bind DN field to the DN of the account Keycloak uses to connect to the LDAP server. Use a dedicated read-only service account rather than an administrator account; Keycloak only needs to search and read the users subtree.
- Update the Bind Credential field (see the image above) to that account's password. Test connection only checks reachability, so click Test authentication afterwards to confirm that the Bind DN and credential actually bind.
- (Optional) Expand the Sync Settings accordion to enable automatic synchronization of users from the LDAP Active Directory into Keycloak; the intervals for the periodic full and changed-users syncs are configured there as well.
- Click the Save button at the bottom of the screen.
Synchronizing the Users to Keycloak DB
To get the users into the Keycloak DB they must be synchronized once manually; the automatic synchronization, if enabled, only runs afterwards on its schedule.
This is a single step:
click the Synchronize all users button to fetch all users from the LDAP Active Directory immediately and load them into the Keycloak instance DB.
Synchronizing all users may take some time for a large directory.