Thanks very very much, you save my time
You're welcome. I am glad that it could help, and thanks for your feedback.
Great! Thx
thanks for your feedback.
Hi, I need a Spring Boot API internally which calls the Microsoft Azure of Keycloak without exposing the UI of Keycloak, please provide
But you have not mapped any group or roles from AD. Would be nice to have a video about that
I would try to post a video about that.
Exactly my thought
Hi, Thanks for the video.
I just wonder why you would want to set up Keycloak to integrate with Azure AD, instead of connecting your application directly to Azure AD?
Hi, some of the people from the community had asked how it will be ;)
@@computeriseasy Ok, it's very cool you are so helpful 👍 I'm just wondering in what use-cases this setup is useful. I mean, if Keycloak adds some capabilities that you don't get with Azure AD alone...
@@runner5556 that is a very good question. I am personally against using Keycloak as a DB also. I would prefer to get the users from another DB and let them fly over Keycloak. In this scenario the users will be authenticated two times, maybe more secure. I think, generally, the web security in Keycloak is maybe better, but as you know and say, they are very similar to each other ...
Hi, as the Azure IdP is done, how do I set up Office 365 SSO/Office 365 portal under Keycloak?
I have not done it, but this link may help you:
keycloak.discourse.group/t/using-keycloak-as-idp-for-office365-and-sharepoint-online/21475
Thank you for the video and explanation.
Do you know how to bring in users and roles from MS Azure AD and let Azure users manage users in Keycloak?
I have not done it before. But I would say, if you give a user in Keycloak the administration roles (the admin role that is by default in Keycloak for managing realms, clients and ...), that user can manage the other users also.
@@computeriseasy I mean
Is it possible for a user from Azure AD to manage the users in Keycloak?
@@osmarfj6752 it is possible, but that user must get the admin role in Keycloak, otherwise it is not possible. A user from any other directory without the roles that it gets in Keycloak can do nothing in Keycloak, as far as I know.
@@osmarfj6752 a user with a specific role from any AD cannot manage Keycloak with the role that the user gets from that AD. For managing Keycloak, a user must get the roles from Keycloak itself and not from an AD.
I have a question. Can we configure Microsoft Azure AD as a Keycloak identity provider with a SAML v2.0 connection?
As far as I know, it should be possible.
Nice video! I have a question: Azure AD B2C has all the features shown in Keycloak. If I have Azure and my users are in the AD, why would I use Keycloak? Thanks
That is a very good question. I would say it is for more security.
@@computeriseasy Thanks for your answer, but why security? Could you explain a little?
@@vktop2 the users will be authenticated and authorized two times, and it means more secure access to the tools and applications that will be used in your organization.
Hi, can you please post a video regarding how we can configure the roles from Azure AD to Keycloak?
2. Also, is it possible to configure AWS as an identity provider in Keycloak?
Hi, they are two interesting topics. I have not worked with AWS, but I would try to post a video about the role mapping from Azure to Keycloak.
I need to initiate the SSO from the Azure Microsoft app section and land on any of the Keycloak clients. Can you explain, is it possible? How are identity providers linked to the client config?
Sorry, I don't know how it will be.
I need help! I have 3 identity providers and what I want is to show only that list without the "username" and "password" form. I already tried to remove the forms that have the username and password form, and to leave only the "Identity Provider Redirector", but I get the "We are sorry... Invalid username or password."
Has anyone tried to show only the identity provider list on the login?
You mean, you have already removed the username and password form but you get some error, right?
The issue I face is that when someone is connecting from Azure, it creates an account without roles or permissions. How can I pre-create an account for a user using the identity provider ID? Because I cannot find this ID on Azure, and if I create the account without it and then the user logs in, Keycloak will create a new account with the right identity provider ID... Where does it get it from, and how can I know it to create the account for the user?
So, you mean if you open Azure, go to users and search for your user, you cannot see the "object id" under the profile of the user?
By default, Keycloak generates the user's ID using a UUID (Universally Unique Identifier) algorithm, which creates a 128-bit random string in hexadecimal format. This ensures that the user ID is globally unique and highly unlikely to clash with another user's ID.
At the end of this video you log in to Keycloak using an Azure AD account.
Did you try to create a second account on Azure AD, then log out the first user from Keycloak and log in to Keycloak using the second account?
In my case, when I log out from the first account and try to log in once again using the second account, on the login page I click the "Azure" realm and I am automatically logged in to the first account. I am not able to enter another Azure AD login and password.
Do you have any idea how I can resolve this problem?
I do not work with Azure AD. I posted this video because someone needed that. But to your question:
after you log out, do a normal login to the Master Realm, go to the Azure Realm, open the Users tab, select your user and check whether its session is still active or not. And can you tell me which version of Keycloak you use?
Hi sir, can you make a video on syncing Azure AD users in Keycloak using User Federation with LDAP?
Hi, about user federation directly from OpenLDAP I have already posted a video. I would try to show the sync of users from Azure AD in Keycloak.
@@computeriseasy thanks a lot sir, actually I followed your LDAP tutorial and it worked like a charm. But Azure AD doesn't support LDAP because of its cloud architecture. That's why I was looking for a workaround.
Would be eagerly waiting for the tutorial
User Storage Provider
@@zaryabbaloch5266 that is very interesting. As you know, Keycloak supports by default user federation from LDAP and Microsoft AD. For that goal you need to define a new User Storage SPI.
To be honest, I have not done it, but for sure you can find some tutorials.
"Unexpected error when authenticating with identity provider"? I got this error when I am logging in with Azure AD
You can have a look at the log file of Keycloak. There must be more information about the error.
@@computeriseasy I found the problem, the client secret was incorrect :) Thanks in advance
@@mohamedaymenjebali8009 you're welcome, I am glad to hear that, and thanks for your feedback.
I'm getting a user update page which I don't want, can you help me?
What do you get in your Keycloak log file?