Keycloak with Okta SAML Provider
This post describes how to integrate Keycloak with the Okta SAML provider.
We need to configure Keycloak and Okta in parallel. First, add the SAML provider in Keycloak; then add a SAML application in Okta using the Keycloak provider's metadata.
Finally, import the Okta application's metadata into the Keycloak provider.
Add SAML provider in Keycloak
Open the Keycloak admin console, go to Identity Providers and select SAML v2.0 from the list of providers.
The Keycloak SAML Identity Providers documentation is here
Configure SAML provider in Keycloak
Provide the alias. Note that it becomes part of the Redirect URI
Add SAML application in Okta
Provide the application name
Configure SAML Settings
Copy Keycloak’s Redirect URI into the Single sign on URL and Audience URI (SP Entity ID) settings
Configure the application type
Configure the application type and press Finish
Copy the metadata link
We have added the application to Okta; now we need to copy the Identity Provider metadata link and import it into Keycloak.
Note that you need to assign people to the application in Okta before they can sign in through it
Import Okta SAML metadata into Keycloak
Paste the metadata link into the Import from URL field and press the Import button
Configure First Login Flow
In my previous post I described how to add a Simple Keycloak First Login Flow
Let’s configure the flow and then save the provider configuration
Login using Okta SAML
Open the login page and, surprise!
There is an additional button that lets us log in to Keycloak using the Okta SAML provider:
Note that you can set the Display Name in the provider configuration to give the button a friendlier label.
When you press the button, you are redirected to Okta.