miniOrange User Sync/Group Sync allows sync across Jira, Confluence, Bitbucket from Keycloak as Identity provider!
miniOrange provides all essential Identity Providers (IdPs) built-in configuration like Azure Active Directory, miniOrange, Okta, OneLogin, Oracle, Keycloak and G-suite. Also we support Rest API configuration with any IDP's by using the custom Rest API App option.
The User & Group Sync app by miniOrange helps you synchronize user and group data from Identity Providers such as AWS, OneLogin, Oracle IDCS, Azure AD, Okta, G Suite, and many others.
Configuring miniOrange User Sync add-on with Azure AD as Identity Provider requires you to have below information -
Following information will be required when configuring your IDP with Rest API
Client ID -
Client ID is provided by the Keycloak after creating an app. This Client ID is used to uniquely identify the App inside Keycloak. This Client ID is required for configuring User Provisioning with REST API using miniOrange User Sync/Group Sync add-on.
Client Secret -
Client Secret is also provided by the Keycloak when you create an app. This Client Secret is used for authentication purposes in Keycloak. The Client Secret is required for configuring User Provisioning with REST API using miniOrange User Sync/Group Sync add-on.
Keycloak Domain URL -
Keycloak Domain URL is a URL provided by Keycloak to an organization. Keycloak manages all the apps and users of a specific organization under this domain. The typical Keycloak Domain URL is the tenant name (the subdomain), and then the domain name.
Example domain: companyname.keycloak.com
Realm Name -
Keycloak Realm is a space where you manage objects. There are majorly two types of realms - Master, Other Realms. Master Realm is created & provided by Keycloak and the Realms created by admins are called Other Realms. You have to mention the Realm name to sync the users from a Realm.
Set Scheduler Time Interval:
miniOrange User Sync/Group Sync add-on allows you to sync your users automatically after a particular time interval. For ex. Hourly, Daily, Twice Daily, Weekly etc.
Follow the below steps to configure Keycloak with miniOrange User Sync/Group Sync app with Keycloak Rest API:
Log in to your Keycloak admin dashboard.
Navigate to Clients tab and create a Client with Client ID as name, Client Protocol as open id connect.
In the settings tab of the newly created client configure following settings -
Valid redirect URIs
Your Jira base URL
Also, make sure that you have enabled/Turned on Standard Flow Enabled, Direct Access Grants Enabled, Service Accounts Enabled, Authorization Enabled.
Now save the settings and navigate to Roles tab and under uma_protection, turn on Composite Roles and transfer all the Realm roles from Available Roles to Associated Roles.
Navigate to the Credentials tab. You will get the client secret details from here.
Get more information about integrating miniOrange User Sync/Group Sync with Keycloak: