Checklist for configuring Office 365 integration using OAuth2

Last Updated: Jun 10, 2026

The following checklist summarizes the configuration tasks that you perform on the Microsoft Azure web portal and on the Keycloak web administration portal to set up integration with Office 365 using OAuth2. Complete the tasks in the order listed; each row points to the topic that describes the task in detail.

| No. | Task | Notes |
|-----|------|-------|
| 1 | Ensure that you have gathered all the information required to configure the integration. | See Prerequisites for SSO configuration. |
| 2 | Register an application for SSO purposes on Microsoft Azure. | See Registering an application for SSO purposes. |
| 3 | Enable the application to read data from Microsoft Azure Active Directory. | See Allowing the application to read Microsoft Azure directory data. |
| 4 | Obtain the following application data: the Application ID and the Application client secret. | See Obtaining the application ID and Obtaining the application client secret. You must have this data when you configure an identity provider on Keycloak. |
| 5 | Configure an Office 365 OAuth2 identity provider on Keycloak. | See Adding an Office365 OAuth2 identity provider to Keycloak. |
| 6 | Disable the identity provider redirector. | See Disabling the identity provider redirector. |
| 7 | Add a hard-coded user role in Keycloak. | See Adding a hard-coded user role in Keycloak. |
| 8 | Configure attribute mapping between the Office 365 identity provider and Keycloak. | See Modifying the attribute mapping between the third-party identity provider and Keycloak. For information about the mappers that you must configure on Keycloak, see Attribute mapping parameters for Office 365 OAuth2 identity provider. |
| 9 | Configure the LDAP UID mapping. | See Configuring the LDAP UID mapping. |
| 10 | Test the integration with Office 365. | See Testing the integration with an identity provider from the Google Chrome web browser. |
| 11 | Configure the expiry times for access and refresh tokens. | See Configuring access and refresh token expiry times. |