Rest API Keycloak Configuration

miniOrange User Sync/Group Sync allows sync across Jira, Confluence, Bitbucket from Keycloak as Identity provider!

miniOrange provides all essential Identity Providers (IdPs) built-in configuration like Microsoft Entra ID (Previously known as Azure AD), miniOrange, Okta, OneLogin, Oracle, Keycloak and G-suite. Also we support Rest API configuration with any IDP's by using the custom Rest API App option.

The User & Group Sync app by miniOrange helps you synchronize user and group data from Identity Providers such as AWS, OneLogin, Oracle IDCS, Microsoft Entra ID (Previously known as Azure AD), Okta, G Suite, and many others.

Configuring miniOrange User Sync add-on with Keycloak as Identity Provider requires you to have below information -

Following information will be required when configuring your IDP with Rest API

Client ID -

Client ID is provided by the Keycloak after creating an app. This Client ID is used to uniquely identify the App inside Keycloak. This Client ID is required for configuring User Provisioning with REST API using miniOrange User Sync/Group Sync add-on.

Client Secret -

Client Secret is also provided by the Keycloak when you create an app. This Client Secret is used for authentication purposes in Keycloak. The Client Secret is required for configuring User Provisioning with REST API using miniOrange User Sync/Group Sync add-on.

Keycloak Domain URL -

Keycloak Domain URL is a URL provided by Keycloak to an organization. Keycloak manages all the apps and users of a specific organization under this domain. The typical Keycloak Domain URL is the tenant name (the subdomain), and then the domain name.

Example domain:

Realm Name -

Keycloak Realm is a space where you manage objects. There are majorly two types of realms - Master, Other Realms. Master Realm is created & provided by Keycloak and the Realms created by admins are called Other Realms. You have to mention the Realm name to sync the users from a Realm.

Set Scheduler Time Interval:

miniOrange User Sync/Group Sync add-on allows you to sync your users automatically after a particular time interval. For ex. Hourly, Daily, Twice Daily, Weekly etc.

Follow the below steps to configure Keycloak with miniOrange User Sync/Group Sync app with Keycloak Rest API:

  1. Log in to your Keycloak admin dashboard.
  2. Navigate to Clients tab and create a Client with Client ID as name, Client Protocol as open id connect.
  3. In the settings tab of the newly created client configure following settings -
Option Value
Access Type Confidential
Valid redirect URIs Your Jira base URL
  1. Also, make sure that you have enabled/Turned on Standard Flow Enabled, Direct Access Grants Enabled, Service Accounts Enabled, Authorization Enabled.
  2. Now save the settings and navigate to Roles tab and under uma_protection, turn on Composite Roles and transfer all the Realm roles from Available Roles to Associated Roles.
  3. Navigate to the Credentials tab. You will get the client secret details from here.

Get more information about integrating miniOrange User Sync/Group Sync with Keycloak:


You can check our detailed Jira setup guidelines for Keycloak Rest API configuration on this page.