1. Display name
...
Open the Mappers tab. We are going to add:
lastName
givenName
email
managed groups sent via SAML response
...
Create mapper for lastName:
...
Create mapper for givenName:
...
Create mapper for email:
...
Mappers (Group memberships)
...
If you intend to synchronize groups from Keycloak (using Managed groups (manage Jira groups from Keycloak) or Auto create groups), you also need a mapper for group claims. If not, you can skip this step.
Create mapper for Group claims from identity provider (legacy, pre-5.3):
Set Name and Friendly Name to Group
Set Group attribute name to http://schemas.xmlsoap.org/claims/Group
Set Full group path to OFF
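To confirm the mappers emit what the service provider expects, you can inspect the attribute statement of a SAML response captured from a test login. The script below is an added example, not part of the original guide or of Keycloak or KSSO; it assumes each user mapper emits a SAML attribute named after the mapper (lastName, givenName, email), runs on a constructed sample, and checks attribute content only, not the signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # Group attribute name set above
# Assumption: each user mapper emits a SAML attribute with the mapper's own name.
USER_ATTRS = ("lastName", "givenName", "email")

# Constructed sample, not captured from a real Keycloak server.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>
<saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="{GROUP_ATTR}" FriendlyName="Group">
<saml:AttributeValue>jira-users</saml:AttributeValue>
<saml:AttributeValue>jira-admins</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""


def read_attributes(xml_text):
    """Return {attribute name: [values]} for every saml:Attribute element."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_mappers(xml_text, expect_groups=True):
    """Return a list of problems; an empty list means the mappers look right."""
    attrs = read_attributes(xml_text)
    problems = [f"missing or empty attribute: {n}" for n in USER_ATTRS if not any(attrs.get(n, []))]
    if expect_groups:
        groups = [g for g in attrs.get(GROUP_ATTR, []) if g]
        if not groups:
            problems.append("no group values: group mapper missing or user has no groups")
        # With Full group path OFF, values are bare names, not /parent/child paths.
        problems += [f"full group path in value: {g}" for g in groups if g.startswith("/")]
    return problems


if __name__ == "__main__":
    for line in check_mappers(SAMPLE) or ["all mapper checks passed"]:
        print(line)
```

Pass expect_groups=False if you skipped the group mapper step.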
...
https://<keycloak server>/auth/realms/<realm>/protocol/saml/descriptor
Substitute <keycloak server> with the DNS of your Keycloak server.
Substitute the realm identifier <realm> with your realm.
Alternatively, you can download the metadata file to disk and upload it in the KSSO wizard.
...