Entra ID SAML customer instructions (in English)

Modified Tue, 28 Apr at 4:46 PM

SSO Keycloak (Entra ID) setup

  1. Log in as an admin user to the Microsoft Entra admin center.

  2. Go to Entra ID → Enterprise applications → New application.

  3. Click Create your own application. Give the application a name (for example, “Admicom Identity”). Choose Integrate any other application you don’t find in the gallery (Non-gallery). Finally, click Create. 

  4. Once the enterprise application has been created, go to Single sign-on. 

  5. Choose SAML.

  6. Click Edit under Basic SAML Configuration. Choose the values depending on the SSO environment (you’ll receive the <identifier> value from Admicom):

    1. Test
      Identifier (Entity ID): https://idp.test.admicom.io/realms/admicom
      Reply URL: https://idp.test.admicom.io/realms/admicom/broker/<identifier>/endpoint 

    2. Production
      Identifier (Entity ID): https://idp.admicom.com/realms/admicom
      Reply URL: https://idp.admicom.com/realms/admicom/broker/<identifier>/endpoint

     Press Save.

  7. In Attributes and Claims, click Edit. 

  8. Click the row Unique User Identifier. 

  9. Change the following: Name identifier format: Persistent. Source attribute: user.objectId. Click Save. 

  10. Ensure that the following attributes are also added under attributes: 

  11. Copy the App Federation Metadata URL and send it to Admicom.

  12. After this, Admicom will complete the necessary configurations on the Keycloak side and will notify you when things are ready.
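
As an added example (not part of Admicom's instructions): a Python check that a decoded SAML response from a test sign-in carries the values set in steps 6 and 9. The sample response is constructed and unsigned, and `example-broker` stands in for the <identifier> you receive from Admicom; the check covers configuration only, not signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Entity IDs from step 6; the Reply URL is derived from them below.
REALMS = {"test": "https://idp.test.admicom.io/realms/admicom",
          "production": "https://idp.admicom.com/realms/admicom"}

# Constructed, unsigned sample; "example-broker" is a made-up <identifier>.
# Its NameID format is emailAddress, as if step 9 had been skipped.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://idp.test.admicom.io/realms/admicom/broker/example-broker/endpoint">
 <saml:Assertion><saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
   Recipient="https://idp.test.admicom.io/realms/admicom/broker/example-broker/endpoint"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://idp.test.admicom.io/realms/admicom</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""


def check_response(xml_text, env, identifier):
    """Return a list of mismatches between a SAML response and steps 6 and 9."""
    entity_id = REALMS[env]
    reply_url = f"{entity_id}/broker/{identifier}/endpoint"
    root = ET.fromstring(xml_text)  # fine for this sample; use defusedxml on untrusted XML
    problems = []
    if root.get("Destination") != reply_url:
        problems.append("Destination does not match the Reply URL")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    recipients = [d.get("Recipient")
                  for d in root.findall(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append("Recipient does not match the Reply URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not Persistent")
    return problems


if __name__ == "__main__":
    for line in check_response(SAMPLE, "test", "example-broker"):
        print(line)
```
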