Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Configure Keycloak



If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.


If you intend to use Managed groups (manage Jira groups from Keycloak), you also need a mapper for group claims. If not, you can skip this step.

Create mapper for Group claims from identity provider:


Provide the metadata URL (recommended):

https://<><keycloak server>/auth/realms/< >/<realm>/protocol/saml/descriptor

  • Substitute <keycloak .example.comserver> with the DNS of your Keycloak server.

  • Substitute the realm identifier < > <realm> with your realm.

Alternatively, you can download the metadata file to disk and upload it in the KSSO wizard.


This step shows the certificate used to validate the SAML messages.


6. Summary

Confirm Check that everything looks good .and submit your setup (smile)



Test that logging in with Keycloak works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.