SAML | Keycloak
Set up Keycloak (SAML)
To set up Keycloak (SAML) as your identity provider:
In Keycloak, select Clients in the navigation bar and create a new client.
Name ID Formatto
Next, set the valid redirect URI to the Keycloak domain that you are using. For example,
Set the Master SAML Processing URL using the same Keycloak domain:
If you wish to enable client signatures, enable
Client Signature Requiredand click save.
Set the built-in protocol mapper for the
Next, you will need to integrate with Cloudflare Access.
On the Teams dashboard, navigate to Settings > Authentication.
Under Login methods, click Add new.
Choose SAML on the next page.
You will need to input the Keycloak details manually. The examples below should be replaced with the specific domains in use with Keycloak and Cloudflare Access.
Field Example Single Sign-On URL
IdP Entity ID or Issuer URL
Signing certificate Use the X509 Certificate in the Realm Settings from Keycloak
To test that your connection is working, navigate to Authentication > Login methods and click Test next to the login method you want to test.