1. Display name
...
Create mapper for givenName:
...
Create mapper for email:
...
Mappers (
...
Managed Groups or Auto create groups)
If you intend to synchronize groups from Keycloak (using Managed groups use Managed groups (manage your users' group meberships in Keycloak) or Auto create groups), you also need a mapper for group claims. If not, you can skip this step.
...
https://<keycloak server>/auth/realms/<realm>/protocol/saml/descriptor
Substitute <keycloak server> with the DNS of your Keycloak server.
Substitute the realm identifier <realm> with your realm.
Alternatively, you can download the metadata file to disk and upload it in the KSSO wizard.
...