Introduction

This guide details the steps required to integrate Keycloak as a SAML provider for your env0 organization. The current implementation is used for authentication only: you define your users in Keycloak to give them access to your env0 organization.

Steps

  1. Log in to your Keycloak account as an Administrator
  2. In the left-side menu, click on the Clients tab
  3. Click on the Create button
  4. In the Client ID field enter urn:auth0:env0:YOUR_ENV0_ORG_ID
    e.g. urn:auth0:env0:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
  5. In the Client Protocol dropdown select saml
  6. Click on the Save button
  7. Under the Settings tab, in the Name field enter env0
  8. In the Name ID Format dropdown select email
  9. In the IDP Initiated SSO URL Name field enter env0
  10. Open the Fine Grain SAML Endpoint Configuration dropdown
  11. In both the Assertion Consumer Service POST Binding URL and the Assertion Consumer Service Redirect Binding URL fields enter https://login.app.env0.com/login/callback?connection=YOUR_ENV0_ORG_ID, e.g. https://login.app.env0.com/login/callback?connection=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
  12. Click on the Save button at the bottom

Client Configuration

Client Configuration - Fine Grain SAML Endpoint

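The client settings above are easy to get subtly wrong (a stray character in the callback URL, or an organization id in the Client ID that does not match the connection parameter), and a broken SAML login is hard to debug from the browser side. The following check is an added example, not env0's or Keycloak's code: it reads the JSON produced by the client's Export action in the Keycloak admin console and compares it against the steps above. The attribute keys (saml_name_id_format, saml_idp_initiated_sso_url_name, saml_assertion_consumer_url_post, saml_assertion_consumer_url_redirect) are assumed to be the ones your Keycloak version writes into that export; confirm them against a real export before relying on the script. The sample client is constructed from the example values in the guide.

```python
"""Check a Keycloak SAML client export against the env0 client settings in the guide."""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Assumptions (added example, not env0's or Keycloak's code): the input is the
# JSON from the client's Export action, and the attribute keys below are the
# ones Keycloak uses in that export. Verify them against your own export.
CLIENT_ID_PREFIX = "urn:auth0:env0:"
ORG_ID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
CALLBACK_HOST = "login.app.env0.com"
CALLBACK_PATH = "/login/callback"
ACS_KEYS = ("saml_assertion_consumer_url_post", "saml_assertion_consumer_url_redirect")


def check_client(client: dict) -> list:
    """Return the list of deviations from the guide; an empty list means it matches."""
    problems = []
    client_id = client.get("clientId", "")
    org_id = None
    if client_id.startswith(CLIENT_ID_PREFIX):
        org_id = client_id[len(CLIENT_ID_PREFIX):]
        if not ORG_ID_RE.match(org_id):
            problems.append(f"clientId suffix {org_id!r} is not an env0 organization id")
    else:
        problems.append(f"clientId must start with {CLIENT_ID_PREFIX!r}, got {client_id!r}")

    if client.get("protocol") != "saml":
        problems.append(f"Client Protocol must be saml, got {client.get('protocol')!r}")

    attrs = client.get("attributes", {})
    if attrs.get("saml_name_id_format") != "email":
        problems.append("Name ID Format must be email")
    if attrs.get("saml_idp_initiated_sso_url_name") != "env0":
        problems.append("IDP Initiated SSO URL Name must be env0")

    # Both Fine Grain ACS URLs must point at the env0 callback for the same org id.
    for key in ACS_KEYS:
        url = attrs.get(key, "")
        parts = urlsplit(url)
        if (parts.scheme, parts.netloc, parts.path) != ("https", CALLBACK_HOST, CALLBACK_PATH):
            problems.append(
                f"{key}: expected https://{CALLBACK_HOST}{CALLBACK_PATH}?connection=<org id>, got {url!r}")
            continue
        connection = parse_qs(parts.query).get("connection")
        if connection != [org_id]:
            problems.append(f"{key}: connection={connection} does not match the org id in clientId")
    return problems


def check_client_export(path: str) -> list:
    """Load an exported client JSON file and check it."""
    with open(path, encoding="utf-8") as fh:
        return check_client(json.load(fh))


# Constructed sample: the settings from the steps above for the example org id.
GOOD_CLIENT = {
    "clientId": "urn:auth0:env0:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "name": "env0",
    "protocol": "saml",
    "attributes": {
        "saml_name_id_format": "email",
        "saml_idp_initiated_sso_url_name": "env0",
        "saml_assertion_consumer_url_post":
            "https://login.app.env0.com/login/callback?connection=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "saml_assertion_consumer_url_redirect":
            "https://login.app.env0.com/login/callback?connection=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    },
}

if __name__ == "__main__":
    for line in check_client(GOOD_CLIENT) or ["client matches the guide"]:
        print(line)
```

Run it against the exported file with `check_client_export("env0-client.json")`; anything it prints is a setting to revisit in the Keycloak console before testing a login.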
Mappers

  1. Click on the Mappers tab
  2. Click on the Add Builtin button
  3. Check the X500 email, X500 givenName and X500 surname mappers and click on the Add selected button
  4. Click on the Edit button in the X500 givenName mapper, change the SAML Attribute Name to firstName and click on the Save button
  5. Click on the Edit button in the X500 email mapper, change the SAML Attribute Name to email and click on the Save button
  6. Click on the Edit button in the X500 surname mapper, change the SAML Attribute Name to lastName and click on the Save button
  7. If you would also like to sync your Keycloak groups with env0, click on the Create button in the Mappers tab
  8. Under Name enter groups
  9. In the Mapper Type dropdown select Group list
  10. In the Group attribute name enter groups
  11. In the Friendly Name enter groups
  12. Leave the SAML Attribute NameFormat unselected and make sure Single Group Attribute is switched on
  13. You can choose whether to send the full group path. If you switch it on, the teams in env0 will include the full path of the group, e.g. if you have a Front End group inside an RnD group, the name of the team in env0 will be /RnD/Front End
  14. Read more about Teams syncing with env0 here
  15. Click on the Save button
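The mapper settings above only take effect in the assertion Keycloak sends at login, so the quickest way to confirm them is to capture the SAML response from a test login (for example with a browser SAML tracer extension) and inspect the attribute names. The script below is an added example, not env0's or Keycloak's code: it parses a `saml:Assertion`, checks that the NameID uses the emailAddress format, that `firstName`, `lastName` and `email` each carry one value, and that `groups` arrives as a single multi-valued attribute (the symptom of Single Group Attribute being switched off is one `Attribute` element per group). The embedded assertion is a constructed sample shaped like the mapper output with Full group path switched on, not a real capture.

```python
"""Verify that a captured SAML assertion carries the attributes the env0 mappers produce."""
import xml.etree.ElementTree as ET

# Added example, not env0's or Keycloak's code. For real, untrusted captures
# prefer defusedxml over ElementTree; the sample here is constructed.
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
USER_ATTRS = ("firstName", "lastName", "email")


def check_assertion(xml_text: str, expect_groups: bool = True) -> dict:
    """Return {'problems': [...], 'groups': [...]} for the assertion in xml_text."""
    root = ET.fromstring(xml_text)
    problems = []

    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID missing or not in emailAddress format (Name ID Format must be email)")

    # Collect values per attribute name and count how many Attribute elements share a name.
    values, occurrences = {}, {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        occurrences[name] = occurrences.get(name, 0) + 1
        values.setdefault(name, []).extend(
            (v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))

    for name in USER_ATTRS:
        if name not in values:
            problems.append(f"attribute {name!r} missing: check the SAML Attribute Name of its mapper")
        elif len(values[name]) != 1 or not values[name][0]:
            problems.append(f"attribute {name!r} must carry exactly one non-empty value, got {values[name]}")

    groups = values.get("groups", [])
    if expect_groups:
        if "groups" not in values:
            problems.append("attribute 'groups' missing: the Group list mapper is not configured")
        elif occurrences["groups"] > 1:
            problems.append("'groups' is split across several Attribute elements: switch Single Group Attribute on")
    return {"problems": problems, "groups": groups}


# Constructed sample (not a real capture) shaped like the output of the mappers
# above, with Full group path switched on.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_constructed" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://keycloak.example.com/realms/example</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups" FriendlyName="groups">
      <saml:AttributeValue>/RnD/Front End</saml:AttributeValue>
      <saml:AttributeValue>/RnD</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION))
```

If you did not configure the group mapper, call `check_assertion(xml, expect_groups=False)`; the returned `groups` list shows exactly the team names env0 will see, full path included when that option is on.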

Installation

  1. To set up SAML inside env0, go to the Installation tab
  2. In the Format Option dropdown select Mod Auth Mellon Files and click on the Download button
  3. Extract the downloaded keycloak-mod-auth-mellon-sp-config.zip file
  4. Send us the idp-metadata.xml file from the extracted folder using this form
Download XML file
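The Mod Auth Mellon archive contains several files, and only idp-metadata.xml is meant to leave your environment; the SP key material in the same folder must stay with you. The following check is an added example, not env0's or Keycloak's code: it confirms that the file you are about to send is an IdP descriptor (an `md:EntityDescriptor` with an `md:IDPSSODescriptor`) with an https entityID, a base64-decodable signing certificate, HTTP-POST and HTTP-Redirect single sign-on endpoints, and no private key material. The embedded metadata is a constructed sample with example.com hosts and a placeholder certificate, not a real Keycloak export.

```python
"""Sanity-check idp-metadata.xml from the Mod Auth Mellon download before sending it."""
import base64
import xml.etree.ElementTree as ET

# Added example, not env0's or Keycloak's code. Hosts and the certificate in the
# sample below are constructed placeholders.
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def check_idp_metadata(xml_text: str) -> dict:
    """Return a summary dict with a 'problems' list; an empty list means the file looks right."""
    problems = []
    if "PRIVATE KEY" in xml_text:
        problems.append("file contains private key material: do not send it, pick idp-metadata.xml")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        problems.append(f"root element is {root.tag}, expected md:EntityDescriptor")
    entity_id = root.get("entityID", "")
    if not entity_id.startswith("https://"):
        problems.append(f"entityID {entity_id!r} is missing or not https")

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no md:IDPSSODescriptor: this is SP metadata, not the IdP file")
        return {"entity_id": entity_id, "bindings": {}, "signing_certs": 0, "problems": problems}

    # A KeyDescriptor with use="signing" (or no use attribute) must carry decodable base64.
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") in (None, "signing")
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    valid_certs = 0
    for cert in certs:
        try:
            base64.b64decode("".join((cert.text or "").split()), validate=True)
            valid_certs += 1
        except ValueError:  # binascii.Error is a ValueError
            problems.append("X509Certificate is not valid base64")
    if valid_certs == 0:
        problems.append("no usable signing certificate in md:KeyDescriptor")

    bindings = {s.get("Binding"): s.get("Location", "")
                for s in idp.findall("md:SingleSignOnService", NS)}
    for binding in (POST, REDIRECT):
        if not bindings.get(binding, "").startswith("https://"):
            problems.append(f"SingleSignOnService for {binding.rsplit(':', 1)[1]} missing or not https")
    return {"entity_id": entity_id, "bindings": bindings, "signing_certs": valid_certs, "problems": problems}


def check_idp_metadata_file(path: str) -> dict:
    """Check the extracted idp-metadata.xml on disk."""
    with open(path, encoding="utf-8") as fh:
        return check_idp_metadata(fh.read())


# Constructed sample resembling a Keycloak realm IdP descriptor (not a real export).
PLACEHOLDER_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://keycloak.example.com/realms/example">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{PLACEHOLDER_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="{POST}" Location="https://keycloak.example.com/realms/example/protocol/saml"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://keycloak.example.com/realms/example/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA))
```

Point `check_idp_metadata_file` at the extracted idp-metadata.xml; an empty `problems` list means the file is the IdP descriptor and safe to upload through the form.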
