Keycloak with Okta SAML Provider

This post describes how to integrate Keycloak with Okta as a SAML 2.0 identity provider, so that users of a Keycloak realm can log in with their Okta account.

Configuration

Keycloak and Okta have to be configured together, because each side needs a value produced by the other. First add the SAML provider in Keycloak and note the Redirect URI it generates, then create a SAML application in Okta using that Keycloak URI.

Finally, import the Okta application's identity provider metadata into the Keycloak provider.

Add SAML provider in Keycloak

Open the Keycloak admin console, go to Identity Providers and select SAML v2.0 from the list of providers.

The Keycloak documentation on SAML identity providers is here.

Configure SAML provider in Keycloak

Provide the alias. Note that it becomes part of the Redirect URI (for current Keycloak versions `https://<host>/realms/<realm>/broker/<alias>/endpoint`), which is the URL Okta will send SAML responses to, so choose it before creating the Okta application: renaming the alias later changes the URI and breaks the Okta side.

Add SAML application in Okta

Provide the application name.

Configure SAML Settings

Copy Keycloak's Redirect URI into both the Single sign on URL and the Audience URI (SP Entity ID) fields. The Audience URI is what Okta writes into the assertion's AudienceRestriction, so it has to match the entity ID Keycloak presents for this provider; you can check that value in the SP metadata Keycloak publishes for the provider at the Redirect URI followed by `/descriptor`, and if you change the provider's Service Provider Entity ID setting, use that value here instead.

Configure the application type

Configure the application type and press Finish.

The application now exists in Okta. Next, copy the Identity Provider metadata link from the application's Sign On tab so it can be imported into Keycloak.

Note that you also need to assign users (or groups) to the application in Okta; a user who is not assigned is rejected by Okta before any SAML assertion is issued, even though the Keycloak side is correct.

Import Okta SAML metadata into Keycloak

Paste the metadata link into the Import from URL field and press Import. Keycloak fills in the Single Sign-On Service URL, the IdP entity ID and the Validating X509 Certificates from the metadata. Before saving, check that the certificate field is populated and that Validate Signature is on: with signature validation off, Keycloak would accept a response it has not verified.

Configure First Login Flow

In my previous post I described how to add a simple Keycloak first login flow.

Select that flow as the First Login Flow, then save the provider configuration.
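The steps above can be automated and, more importantly, reviewed. As an added example that is not part of the original post, the Python below reproduces what Keycloak's Import from URL derives from Okta's IdP metadata (entity ID, SSO URL, signing certificate), builds the identity-provider representation that the admin REST API or `kcadm.sh create identity-provider/instances` accepts, computes the two Okta fields from the Redirect URI, and checks the result for the settings that matter. The Okta host and app ID, the Keycloak host and realm, and the certificate are constructed placeholders; the Redirect URI layout assumes a current Keycloak without the old `/auth` context path, and the config key names are the ones Keycloak writes into a realm export.

```python
"""Added example (not from the original post): reproduce what Keycloak's
'Import from URL' derives from Okta IdP metadata and review the resulting
provider configuration for the settings that matter for security."""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for the 'Identity Provider metadata' Okta publishes for a
# SAML application. Host and app ID are placeholders; the certificate is NOT a
# real X.509 certificate, only valid base64 so the parser can be exercised.
FAKE_CERT_B64 = base64.b64encode(b"placeholder, not a real DER certificate").decode()
OKTA_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkexample000">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
          {FAKE_CERT_B64}
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="{HTTP_POST}"
        Location="https://example.okta.com/app/exkexample000/sso/saml"/>
    <md:SingleSignOnService Binding="{HTTP_REDIRECT}"
        Location="https://example.okta.com/app/exkexample000/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def keycloak_redirect_uri(base_url, realm, alias):
    """The 'Redirect URI' the admin console shows; it embeds the alias."""
    return f"{base_url.rstrip('/')}/realms/{realm}/broker/{alias}/endpoint"


def okta_app_settings(base_url, realm, alias, sp_entity_id=None):
    """The two Okta SAML Settings fields filled from the Redirect URI. The Audience
    URI lands in the assertion's AudienceRestriction, so pass sp_entity_id when the
    provider's Service Provider Entity ID was changed from its default."""
    uri = keycloak_redirect_uri(base_url, realm, alias)
    return {"Single sign on URL": uri, "Audience URI (SP Entity ID)": sp_entity_id or uri}


def parse_idp_metadata(xml_text):
    """Pull out what Keycloak takes from an IdP EntityDescriptor on import."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata, not IdP metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # absent 'use' covers signing too
            continue
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if node is not None and node.text:
            cert = "".join(node.text.split())       # Okta wraps the base64 over lines
            base64.b64decode(cert, validate=True)   # reject garbage before Keycloak sees it
            certs.append(cert)
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing_certs": certs, "sso": sso}


def build_keycloak_provider(alias, idp, first_login_flow="first broker login",
                            sp_entity_id=None):
    """IdentityProviderRepresentation for POST /admin/realms/{realm}/identity-provider/instances."""
    sso_url = idp["sso"].get(HTTP_REDIRECT) or idp["sso"].get(HTTP_POST)
    if not sso_url:
        raise ValueError("metadata offers no HTTP-Redirect or HTTP-POST SingleSignOnService")
    config = {
        "idpEntityId": idp["entity_id"],
        "singleSignOnServiceUrl": sso_url,
        "signingCertificate": ",".join(idp["signing_certs"]),  # 'Validating X509 Certificates'
        "validateSignature": "true",
        "wantAssertionsSigned": "true",
        "postBindingResponse": "true",
        "postBindingAuthnRequest": "true",
        "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        "principalType": "SUBJECT",
    }
    if sp_entity_id:
        config["entityId"] = sp_entity_id  # 'Service Provider Entity ID'
    return {"alias": alias, "providerId": "saml", "enabled": True,
            "firstBrokerLoginFlowAlias": first_login_flow, "config": config}


def check_provider(rep):
    """Findings to clear before saving; each means Keycloak would trust unverified input."""
    c = rep["config"]
    findings = []
    if c.get("validateSignature") != "true":
        findings.append("validateSignature is off: an unsigned or forged SAML Response is accepted")
    if not c.get("signingCertificate"):
        findings.append("no signing certificate: responses cannot be verified")
    if urlparse(c.get("singleSignOnServiceUrl", "")).scheme != "https":
        findings.append("singleSignOnServiceUrl is not https")
    return findings
```

Running `build_keycloak_provider("okta", parse_idp_metadata(OKTA_METADATA))` gives a representation that passes `check_provider`; the same check applied after a real import is the step worth keeping, because the import can succeed while leaving Validate Signature off or the certificate field empty.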

Login using Okta SAML

Open the login page and, surprise! There is an additional button that lets you log in to Keycloak through the Okta SAML provider:

Note that you can set a Display Name in the provider configuration to give the button a friendlier label.

When you press the button you are redirected to Okta. After you authenticate there, Okta posts the SAML response back to the Keycloak Redirect URI, and the configured first login flow runs.

Enjoy the Okta SAML integration.