I need to connect my Keycloak server to Office 365, but Keycloak needs to be the Identity Provider, not Office 365.
In my scenario a user logs in via Keycloak, then the request goes to O365 and comes back, and the user can use everything, like logging in to SharePoint or Power Automate.
I found some advice for Office 365, but not the other way round. Does the user need to be in Azure AD when he/she is authenticating via Keycloak?
I'm not very familiar with Office 365, but I'm quite sure Microsoft demands Azure AD as the primary authenticator, with the option to use an external identity provider, but only for external users (invitees).
That means you can add users to your Azure AD with their own company email and credentials. Example:
Your Azure AD domain is abc.com. Your users from the abc.com domain log in via Azure AD.
You have a business partner Bob (bob@jones.com) whom you need to invite into a Teams group for collaboration. You add bob@jones.com as an external user.
You set up an external identity provider using SAML (or Google or Facebook) for jones.com.
Now when Bob needs to access the Teams group, he goes to teams.microsoft.com and enters his e-mail; Microsoft detects that a user exists for him in your tenant and offers Bob the option to log in to abc.com using his SAML provider (jones.com's Keycloak).
For all I know, you cannot configure abc.com users to log in to Office 365 using an external provider; you'd have to sync the users to Azure AD somehow.
Thanks for the answer. If only that is possible. My idea is that the user logs in to Keycloak with the Office 365 credentials and then the user should be redirected to a specific URL. Is that possible?
e.g. Laura logs in to Keycloak and Keycloak imports the user. Then she needs to be redirected to Power Apps.
Yes please, I'd appreciate any guidance on this, since it seems we are a bit stuck and earlier threads on the subject apparently have partly outdated information.
Best regards
Charles
Check out my reply here. If you have more questions, let me know.
I'm going to put together a post about my whole setup and process, since I couldn't find anything really and had to figure it out lol.
Hello
Thanks for the guide, it works for me as well, as soon as I create the user in the Entra ID federated domain too. Any ideas on how to sync users from KC to Entra ID?
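The thread ends on the practical gap: with a federated Entra ID domain, Keycloak is the IdP, but every user still has to exist in Entra ID before federated sign-in works. The script below is an added example, not code from this thread, from Keycloak or from Microsoft. It turns user records in the shape the Keycloak admin API returns (`GET /admin/realms/{realm}/users`) into Microsoft Graph `POST /v1.0/users` bodies for the federated domain and works out which users still need creating. It assumes, hypothetically, that the Keycloak SAML/WS-Fed client sends the Keycloak user id as the NameID/ImmutableID (so `onPremisesImmutableId` is set to that id), that the federated domain is `example.com`, and it makes no network calls; the sample users and the set of existing UPNs are constructed.

```python
"""
Added example: plan a Keycloak -> Entra ID user sync for a federated domain.
Not from the forum thread, Keycloak or Microsoft. Assumptions are marked.
"""
import json
import re
import secrets
import urllib.request

MAILNICK_BAD = re.compile(r"[^A-Za-z0-9._-]")


def build_entra_user(kc_user: dict, federated_domain: str) -> dict:
    """Body for POST https://graph.microsoft.com/v1.0/users for one Keycloak user.

    Two fields decide whether federated sign-in later works:
      * userPrincipalName must be in the federated domain, otherwise Entra ID
        never redirects the sign-in to Keycloak;
      * onPremisesImmutableId must equal the NameID/ImmutableID that Keycloak
        asserts, otherwise Entra ID rejects the federated token.
    """
    email = (kc_user.get("email") or "").strip().lower()
    if "@" not in email or email.rsplit("@", 1)[1] != federated_domain.lower():
        raise ValueError(f"{kc_user.get('username')!r}: {email!r} is not in {federated_domain}")
    local = email.split("@", 1)[0]
    names = [kc_user.get("firstName"), kc_user.get("lastName")]
    body = {
        "accountEnabled": bool(kc_user.get("enabled", False)),
        "displayName": " ".join(n for n in names if n) or local,
        "givenName": kc_user.get("firstName"),
        "surname": kc_user.get("lastName"),
        "mail": email,
        "mailNickname": MAILNICK_BAD.sub("", local)[:64] or "user",
        "userPrincipalName": email,
        # Assumption: Keycloak sends its user id as the NameID, so mirror it here.
        "onPremisesImmutableId": kc_user["id"],
        # Graph requires a passwordProfile even for federated users; it is never
        # used for sign-in, so burn a random value instead of anything user-derived.
        "passwordProfile": {
            "forceChangePasswordNextSignIn": False,
            "password": secrets.token_urlsafe(32),
        },
    }
    # Graph rejects explicit nulls on optional string properties, so drop them.
    return {k: v for k, v in body.items() if v is not None}


def plan_sync(kc_users: list, existing_upns: set, federated_domain: str) -> dict:
    """Split Keycloak users into create / present / rejected (wrong domain, no id)."""
    plan = {"create": [], "present": [], "rejected": []}
    for u in kc_users:
        try:
            body = build_entra_user(u, federated_domain)
        except (ValueError, KeyError) as exc:
            plan["rejected"].append((u.get("username"), str(exc)))
            continue
        if body["userPrincipalName"] in existing_upns:
            plan["present"].append(body["userPrincipalName"])
        else:
            plan["create"].append(body)
    return plan


def graph_create_user(access_token: str, body: dict) -> dict:
    """POST one body to Microsoft Graph (needs User.ReadWrite.All). Not called here."""
    req = urllib.request.Request(
        "https://graph.microsoft.com/v1.0/users",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample, shaped like the Keycloak admin API's user list.
SAMPLE_KC_USERS = [
    {"id": "2b8d3c1e-5f6a-4b7c-9d0e-1f2a3b4c5d6e", "username": "laura",
     "email": "laura@example.com", "firstName": "Laura", "lastName": "Meier", "enabled": True},
    {"id": "7f1a2b3c-4d5e-6f70-8192-a3b4c5d6e7f8", "username": "bob",
     "email": "bob@jones.com", "firstName": "Bob", "lastName": "Jones", "enabled": True},
    {"id": "0a1b2c3d-4e5f-6071-8293-a4b5c6d7e8f9", "username": "svc-report",
     "email": "svc.report@example.com", "enabled": False},
]
# Constructed: UPNs already in the tenant, as a real run would fetch from Graph.
EXISTING_UPNS = {"laura@example.com"}

if __name__ == "__main__":
    print(json.dumps(plan_sync(SAMPLE_KC_USERS, EXISTING_UPNS, "example.com"), indent=2))
```

In a real run you would page through Keycloak's user list with a service-account token, fetch existing UPNs from Graph, then pass each entry in `plan["create"]` to `graph_create_user`; the `rejected` list is the place to look when a user can log in to Keycloak but is bounced by Office 365, because a mismatched domain or NameID is exactly the failure the thread describes.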