microsoft azure AD as keycloak identity provider

Рет қаралды 16,464

2 жыл бұрын

microsoft azure in keycloak. keycloak identity provider. integrating microsoft azure in keycloak. azure integration in keycloak. keycloak with microsoft azure. keycloak and azure ad.
#azure #identityprovider #keycloak #microsoftazure #azureAD
The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks.
Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services.
docs.microsoft.com/en-us/azur...
www.keycloak.org/

Пікірлер: 44

@user-yc7bq4ev6e Ай бұрын

Great! Thx

@computeriseasy Ай бұрын

thanks for your feedback.

@AhmedKhaled-he9mf 2 жыл бұрын

Thanks very very much, you save my time

@computeriseasy 2 жыл бұрын

your welcome. I am glad that it could help and thanks for your feedback.

@osmarfj6752 Жыл бұрын

Thank you for the video and explanation. Do you know how to bring from MS Azure AD users and roles and let Azure users manage users in the Keycloak?

@computeriseasy Жыл бұрын

i have not done it before. But i would say , if you give a user in keycloak the administration roles ( the admin role, that is by default in keycloak for maganing realms , clients and ...), that user can manage the other users also.

@osmarfj6752 Жыл бұрын

@@computeriseasy I mean Is there possible a user from Azure AD manage the users in the keycloak?

@computeriseasy Жыл бұрын

@@osmarfj6752 it is possible but that user must get the admin role in keycloak otherweise it is not possible. a user from any other Directory without the roles that it get in keycloak can do nothing in keycloak as far as i know.

@computeriseasy Жыл бұрын

@@osmarfj6752 a user with a specific role from any AD can not manage keycloak with the role that a user get from that AD. For managing keycloak a user must get the roles from keycloak itself and not from an AD.

@AbhilashaVar 3 ай бұрын

Hi , i need an springboot api internally which calls the microoft azue of keycloak without exposing the UI of keycloak , please provide

@runner5556 Жыл бұрын

Hi, Thanks for the video. I just wonder about why would you want to setup keycloak to integrate with Azure AD, instead of connecting you application directly to Azure AD?

@computeriseasy Жыл бұрын

Hi, some of the people from the community had asked how it will be ;)

@runner5556 Жыл бұрын

@@computeriseasy Ok it's very cool you are so helpful👍I'm just wondering in what use-cases this setup is useful. I mean if keycloak adds some capabilities that you don't get with Azure AD alone...

@computeriseasy Жыл бұрын

@@runner5556 that is a very gut question. I am personally against it to use keycloak as a DB also. I would prefer to get the user from another DB and let them fly over keyclak . In this scenario the users will be two times authenticated, mybe more secure . I think, generally the web security in keycloak is mybe better but as you know and say they are very similar to each other ...

@eugenyperepelyatnikov4162 2 жыл бұрын

But you have not mapped any group or roles from AD. Would be nice to have a video about that

@computeriseasy 2 жыл бұрын

i would try to post a video about that.

@amjads8971 10 ай бұрын

Exactly my thought

@diptarghyachatterjee6018 Жыл бұрын

Hi can you please post video regarding how we can configure the roles from azure AD to keycloak. 2. Also is it possible to configure AWS as identity provider in keycloak

@computeriseasy Жыл бұрын

Hi, they are two interessting topics. With AWS i have not worked but i would try to post a video about the role mapping from Azure to keycloak.

@vktop2 2 жыл бұрын

Nicve video!, I have a question, Azure AD B2C has all the features shown in Keycloak, if I have Azure and my users are in the AD, why would I use Keycloak?, Thanks

@computeriseasy 2 жыл бұрын

that is a very good question. i would say, it is for more security .

@vktop2 2 жыл бұрын

@@computeriseasy Thanks for your answer, but why security? could you explain me a little?

@computeriseasy 2 жыл бұрын

@@vktop2 the users will be two times authenticated and authorized and it means a more secure access to the tools and applications that will be used in your organization.

@gamerbinh4395 Ай бұрын

I have a question. Can we configure microsoft azure AD as keycloak identity provider with SAML v2.0 connection?

@computeriseasy Ай бұрын

as far as i know, it should be possible

@jaganraj4640 2 жыл бұрын

I need to initiate the SSO from Azure Microsoft app section and land it to any of the Keycloak client. Can you explain, is it possible. How identity providers linked to client config?

@computeriseasy 2 жыл бұрын

sorry, i dont know how it will be.

@krzysztofstawicki80 Жыл бұрын

At the end of this video you are login to keycloak using Azure AD account. Did you try to create second account on Azure AD, then logout first users from keycloak and login to keycloak using second account? In my case, when I logout from first account and i am trying login once again using second account, on the login page i am clicking "Azure" releam and i am automaticaly login on the first account. I am not able to put another Azure AD login and password. Do you have any idea how can i resolve this problem?

@computeriseasy Жыл бұрын

i does not work with Azure AD. I posted this video because someone needed that. But to your question: after you logout , do a normal loging to the Master Realm and and go to the Azure Realm and open the users tap and select your user and check if its session still active is or not. And can you tell me which version of keycloak you use?

@uchihak22 Жыл бұрын

the issue I face is that when someone is connecting from Azure it creates an account without roles or permissions, how can i pre-create an account for an user using the identity provider ID? because i cannot find on azure this ID and if i create the account without this and then the user log in, keycloak will create a new account with the right identity provider ID...Where does it get it from and how can i know it to create the account for the user?

@computeriseasy Жыл бұрын

so , you mean if you open azure and go to users and search for your user , you can not see the ,, object id ,, under the profile of the user?

@computeriseasy Жыл бұрын

By default, Keycloak generates the user's ID using a UUID (Universally Unique Identifier) algorithm, which creates a 128-bit random string in hexadecimal format. This ensures that the user ID is globally unique and highly unlikely to clash with another user's ID.

@user-yb1pd5iv4k 8 ай бұрын

Hi, as azure idp is done. How to setup Office 365 SSO/Office 365 portal under keycloak

@computeriseasy 8 ай бұрын

i have not done it but this link may help you: keycloak.discourse.group/t/using-keycloak-as-idp-for-office365-and-sharepoint-online/21475

@zaryabbaloch5266 Жыл бұрын

Hi sir, can you make a video to sync Azure AD users in Keycloak using User Federation with LDAP

@computeriseasy Жыл бұрын

Hi, about user federation directly from open ldap i have already posted a video . I woud try to show the sync of users from azure ad in keycloak.

@zaryabbaloch5266 Жыл бұрын

@@computeriseasy thanks alot sir, actually i followed your ldap tutorial and worked like charm. But Azure AD doesn't support LDAP because of cloud architecture. Thats why i was looking for workaround. Would be eagerly waiting for the tutorial

@computeriseasy Жыл бұрын

User Storage Provider@@zaryabbaloch5266 that is very interessting. As you know keycloak supports by default user federation from ldap and microsoft ad. For that goal you need to define a new User Storage SPI. To be honest i have not done but for sure you can find some tutorials.