This documentation explains how to configure a mapper that integrates with Single Sign-On (SSO) to automatically assign users to predefined groups in Keycloak. When a new user logs in via SSO, the mapper evaluates the configured mapping rules and ensures the user is added to the appropriate group, simplifying user management and access control.
In Ace, open the platform settings from the global settings in the sidebar to customize configurations.
Then add a new SSO provider to streamline user authentication across your organization.
Enable SSO integration to allow users to sign in with a single, secure set of credentials.
Choose OpenID Connect to establish a modern and secure connection.
Enter your OpenID Connect metadata URL; the remaining information will be automatically retrieved.
Click Save, and proceed to create a mapper.
Navigate to User Management to oversee user accounts and permissions, then select Mappers to manage how user data and roles are mapped from your identity provider.
Add a new mapper to define user group and role assignments.
Enter a descriptive mapper name.
Specify the group ID to link the mapper with your organization’s directory groups.
Select a group to associate with this mapper based on your requirements.
Choose a role to define the permissions granted to users in this group.
Click Add to create the user mapping quickly.
Here is your newly created mapper, which integrates with SSO to automatically assign users to predefined groups.
Remove a mapper if it's no longer needed to keep your mappings organized.
This concludes the setup of the SSO Mapper, ensuring seamless user provisioning and simplified group management within Keycloak.