Using Keycloak as IdP for Azure AD

Thanks for the effort!

Grace and peace,
William Hatcher
Owner, Mr. Translate
https://mrtranslate.bot/

I don’t know if there is a better guide somewhere that I could not find, but this thread helped me to finally set up MS Office 365 login via Keycloak. I want to confirm that the hints/guides here worked for me in January 2023 with Keycloak 20.0.3.
More than a few posts here are pure gold. Thank you all!


Thank you so much for all your help; I was able to get it working by following this guide.

(The question I previously added was not really related to this thread, so I removed it.
For those who go to the Office main portal, not the started app like Teams or PPT etc., check the RelayState.)

This was great, thank you. Got it working without a single hitch.

Now I can create a user in FreeIPA, have it synced to Keycloak and use it to login to Microsoft 365.

I think I’ll need to disable Azure’s “Security Defaults” to make it a more seamless experience, and integrate PrivacyIDEA for a better MFA experience, but it’s getting there!

Hello to all
I know this is an older post,
I am trying to set up a similar configuration. I successfully set up SSO for a single, manually created user, but I am not sure I understand how the user sync should be done for subsequent users added to KC.
Using the [keycloak-sync.ps1] PowerShell script provided by [astachowski] would be a solution, but it needs a Windows server to be executed, scheduled, etc.
Is there any other way to sync Keycloak users to Entra ID? Anything like Entra ID Connect or Cloud Sync?

Hi there,

I’ve created and tested my PowerShell script on a Linux VM.

You could always create an ADFS service if you already have a domain controller.
Though I never liked the syncing of password hashes into Entra ID - hence this Keycloak-based flow.

You could always develop your own application using Microsoft Graph and doing a group check in your own IdM to roll out an Entra ID account.

Does anybody know how this ImmutableId is generated, and by which system (MS or Keycloak)?

I would like to automate user migration and new user creation, but I am not sure if I can somehow generate those strings. Are they just some kind of random UUID values, or are there any additional restrictions?

Edit: I have now read that it was mentioned that ImmutableId can be anything, so I will try with some generated ID.
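As an added example (not code from this thread, and not astachowski's keycloak-sync.ps1) of the "own application using Microsoft Graph with a group check" approach suggested above, and of generating the ImmutableId asked about in the last post: the script derives a stable ImmutableId from the Keycloak user UUID and builds the Graph POST /users body for each user in an entitling group. It assumes a Keycloak user export in the constructed shape shown, a federated domain of example.com, and that the Keycloak SAML client is configured to send that same value as the NameID.

```python
import base64
import secrets
import uuid

# Constructed sample of a Keycloak user export (not data from the thread).
SAMPLE_KEYCLOAK_USERS = [
    {"id": "1b4e28ba-2fa1-11d2-883f-b9a761bde3fb", "username": "alice",
     "firstName": "Alice", "lastName": "Smith", "groups": ["/m365-users"]},
    {"id": "6fa459ea-ee8a-3ca4-894e-db77e160355e", "username": "bob",
     "firstName": "Bob", "lastName": "Jones", "groups": ["/staff"]},
]


def immutable_id_from_keycloak_id(kc_user_id: str) -> str:
    """Derive a stable ImmutableId from the Keycloak user UUID.

    Entra ID accepts any string; base64 of the 16 raw UUID bytes mirrors the
    objectGUID encoding Entra Connect uses. The SAML NameID Keycloak asserts
    must carry exactly this value, or federated sign-in fails.
    """
    return base64.b64encode(uuid.UUID(kc_user_id).bytes).decode("ascii")


def build_graph_user(user: dict, federated_domain: str, required_group: str):
    """POST /users body for one Keycloak user; None if the group check fails."""
    if required_group not in user.get("groups", []):
        return None
    return {
        "accountEnabled": True,
        "displayName": f"{user['firstName']} {user['lastName']}",
        "mailNickname": user["username"],
        "userPrincipalName": f"{user['username']}@{federated_domain}",
        "onPremisesImmutableId": immutable_id_from_keycloak_id(user["id"]),
        # Graph requires passwordProfile on creation; it is not used for
        # federated sign-in, so a throw-away random secret is enough.
        "passwordProfile": {"forceChangePasswordNextSignIn": False,
                            "password": secrets.token_urlsafe(24)},
    }


def plan_provisioning(users, federated_domain, required_group):
    """Run the group check over an export; return only the bodies to create."""
    bodies = (build_graph_user(u, federated_domain, required_group) for u in users)
    return [b for b in bodies if b is not None]


def nameid_matches(graph_user: dict, saml_nameid: str) -> bool:
    """Pre-flight check: NameID Keycloak will send == ImmutableId being set."""
    return graph_user["onPremisesImmutableId"] == saml_nameid
```

Each returned body is what you would send to the Graph users endpoint with an app-only token; the NameID check is worth running before the call, because a mismatch between the asserted NameID and the stored ImmutableId is the usual reason a federated login is rejected.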