Keycloak to support SSO with multiple domains?


I am able to configure the keycloak to support SSO with one domain, but now it requires supporting same funcations with two different domains? Could you please advise if Keycloak can support this? if yes, please share the guidelines.


Would this be distinct Clients? If so, yes.

Thank you, same client, the scenario is users were in one domain but HQ want to move them to another domain, users are in two domains in this transient time, it requires supporting both domains for users at same time, any guideline to achieve this?

Assuming by 'domain’s - you are meaning web domains of the client? If so – Perhaps by inserting additional values in the Client’s ‘Valid Redirect URIs’?

I mean the two Active Directories.

Disclaimer: I have not tested this previously.

The documentations appear to imply ‘yes’ - User Storage Federation | keycloak-documentation

Thank you very much, will try that.