Using Azure AD as Keycloak Identity Provider

You need Azure Admin permission to complete this integration.

Create new Azure app

Create a new app registration from portal.azure.com, selecting support for Multiple organizations when asked.

Find App registration in search.

Click New registration.

Fill in the details as shown below.

Give the application a name and write down the Application (client) ID, as it will be needed later.

Configure a new secret

Next, go to your App Registration > Certificates & secrets and create a New client secret. Copy the Value of the secret somewhere at hand (it is only displayed once), as it is needed later in the configuration.

  1. In Keycloak, create a new IdP by selecting Microsoft from the drop-down.

  2. Populate Client ID (the Application (client) ID from Azure) and Client Secret (the secret Value from Azure) with the values obtained in the previous steps.

  3. Finally, copy the Redirect URI shown in Keycloak and add it as a Redirect URI on the Azure app registration (under Authentication).
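
The Keycloak side of steps 1 to 3 can also be done from the admin CLI; the script below is an added example, not part of the original guide. It assumes kcadm.sh is on PATH, a Keycloak 17+ URL layout (no /auth prefix), the placeholder names myrealm and sso.example.com, and that the Azure secret Value has been exported as AZURE_CLIENT_SECRET rather than typed on the command line.

```shell
#!/bin/sh
# Added example: register Azure AD as the "microsoft" IdP of a Keycloak realm
# with kcadm.sh and print the Redirect URI that must be added in Azure.
set -eu

# Redirect URI Keycloak serves for a broker alias (assumes the Keycloak >= 17
# path layout, i.e. no /auth prefix). Azure only accepts an exact match on
# scheme, host and path, so derive it instead of retyping it.
keycloak_redirect_uri() {
  base="${1%/}"
  printf '%s/realms/%s/broker/%s/endpoint' "$base" "$2" "$3"
}

# Create the IdP in the realm. The client secret is read from the environment
# so it does not end up in shell history or in this file.
create_microsoft_idp() {
  realm="$1"; alias="$2"; client_id="$3"
  : "${AZURE_CLIENT_SECRET:?export AZURE_CLIENT_SECRET to the Azure secret Value}"
  kcadm.sh create identity-provider/instances -r "$realm" \
    -s "alias=$alias" -s providerId=microsoft -s enabled=true \
    -s "config.clientId=$client_id" \
    -s "config.clientSecret=$AZURE_CLIENT_SECRET"
}

# Usage (placeholder values): the admin password is prompted for by kcadm.sh.
#   KEYCLOAK_URL=https://sso.example.com ./azure-idp.sh myrealm microsoft <Application (client) ID>
if [ "$#" -ge 3 ]; then
  kcadm.sh config credentials --server "$KEYCLOAK_URL" --realm master --user admin
  create_microsoft_idp "$1" "$2" "$3"
  echo "Add this Redirect URI to the Azure app registration:"
  keycloak_redirect_uri "$KEYCLOAK_URL" "$1" "$2"
  echo
fi
```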

Test the functionality

Open a new Incognito window in a browser and use.