How to Set Up Keycloak as an Identity Provider for Entra ID Single Sign-On (SSO)


22/08/2025

This step-by-step guide shows you how to set up Keycloak as an identity provider for Entra ID Single Sign-On (SSO).

Single Sign-On (SSO) makes logging into multiple applications easier and safer. SSO allows users to authenticate once and access everything without needing to sign in again.

This guide explains how to configure and enable SSO with Microsoft Azure Active Directory (Entra ID).

Our goal is to help you set up authentication to work smoothly with Entra ID, ensuring users can log in seamlessly and securely. We’ll keep things clear and straightforward.

What You’ll Need

Before starting, make sure you have:

  • An Entra ID tenant with administrative access
  • Basic knowledge of Entra ID admin panels
  • Access to a browser for testing

Why Use Entra ID?

Entra ID (formerly Microsoft Azure AD) is widely used for enterprise user management. Combining this with our authentication allows your application to use Entra ID’s secure user database while leveraging our authentication component (Keycloak) for SSO and role management.

This setup is especially useful for businesses that want a unified login experience across multiple platforms.

Step 1: Understand the SSO Flow

Here’s how the SSO process works in simple terms:

  1. A user tries to access the Tridens Monetization or Tridens EV Charge application.
  2. The app redirects them to Keycloak.
  3. Keycloak checks if the user is logged in. If not, it sends them to Entra ID’s login page.
  4. The user enters their Entra ID credentials (like email and password).
  5. Entra ID verifies the user and sends authentication details back to Keycloak.
  6. Keycloak issues a token to the application, allowing the user to access it without logging in again.
  7. User roles from Entra ID groups can be used to control what the user can do in the app.

This flow ensures secure and smooth access while keeping user data managed in Entra ID.

Step 2: Azure App Configuration

  1. Create a new Azure app. Create a new App registration from portal.azure.com, selecting support for Multiple organizations when asked. You can find App registration in search.
  2. Click New registration.
  3. Fill in the app details.

Once the app is created, Azure will show you the Application (client) ID. Copy this value—you’ll need it later.

  4. Next, go to Certificates and Secrets and create a new client secret. Save the generated value securely; it will also be used in Keycloak.
  5. Go back to the app details page and click Endpoints. Copy the OpenID Connect metadata document URL. This will be important for Keycloak’s configuration later.

Step 3: Adding Identity Provider (IdP)

  1. Add the IdP in Tridens Monetization by going to Business portal > Security > Identity providers.
  2. Fill in the form with the Discovery endpoint, Client ID (this is the Application (client) ID in Azure) and Client Secret (this is the Value from Azure), using the values obtained in the previous steps.
  3. Add the OpenID Connect metadata document URI in the Discovery endpoint field.
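
Before entering the metadata URL in the Discovery endpoint field, it helps to check what the document advertises. The sketch below is an added example, not code from Tridens, Keycloak or Microsoft: the tenant ID and both sample documents are constructed, and the `{tenantid}` issuer template mirrors what Entra ID's multi-tenant (`organizations`) v2.0 metadata returns when the app supports Multiple organizations.

```python
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
BASE = "https://login.microsoftonline.com"
TENANT = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant ID


def sample_doc(tenant: str, issuer_tenant: str) -> dict:
    """Build a constructed metadata document shaped like an Entra ID v2.0 one."""
    return {
        "issuer": f"{BASE}/{issuer_tenant}/v2.0",
        "authorization_endpoint": f"{BASE}/{tenant}/oauth2/v2.0/authorize",
        "token_endpoint": f"{BASE}/{tenant}/oauth2/v2.0/token",
        "jwks_uri": f"{BASE}/{tenant}/discovery/v2.0/keys",
        "response_types_supported": ["code", "id_token"],
        "id_token_signing_alg_values_supported": ["RS256"],
    }


def check_discovery(discovery_url: str, doc: dict) -> list:
    """Return findings for an OIDC metadata document; an empty list means clean."""
    findings = []
    for key in REQUIRED:
        value = doc.get(key)
        if not value:
            findings.append(f"missing {key}")
        elif urlparse(value).scheme != "https":
            findings.append(f"{key} is not https")
    issuer = doc.get("issuer") or ""
    if "{tenantid}" in issuer:
        # Multi-tenant metadata carries a template, not one concrete issuer,
        # so the set of accepted tenants has to be restricted elsewhere.
        findings.append("issuer is a tenant template; pin allowed tenants")
    elif issuer and issuer.rstrip("/") + SUFFIX != discovery_url:
        findings.append("issuer does not match discovery URL")
    if "code" not in doc.get("response_types_supported", []):
        findings.append("authorization code flow not advertised")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        findings.append("unsigned ID tokens advertised")
    return findings


SINGLE_URL = f"{BASE}/{TENANT}/v2.0{SUFFIX}"
MULTI_URL = f"{BASE}/organizations/v2.0{SUFFIX}"
SINGLE_DOC = sample_doc(TENANT, TENANT)
MULTI_DOC = sample_doc("organizations", "{tenantid}")

if __name__ == "__main__":
    for url, doc in ((SINGLE_URL, SINGLE_DOC), (MULTI_URL, MULTI_DOC)):
        print(url, check_discovery(url, doc) or "OK")
```

A templated issuer means any Entra ID tenant can produce a token for the app, so access should be limited to the tenants you expect.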

Step 4: Test Your Keycloak and Entra ID SSO Setup

To make sure authentication works correctly via Entra ID Single Sign-On (SSO) integration, follow these steps to test the login process. This will confirm that users can log in smoothly using their Entra ID credentials.

  1. Open your browser and go to your Tridens Monetization portal (log out if you are already logged in).

You should see the login page.

  2. On the login page, click the “Microsoft” button.

This will redirect you to the Microsoft Entra ID login page.

  3. Log In with Microsoft Credentials. Enter your Microsoft Entra ID username and password.

If this is your first time logging in, you may see a permission request asking you to allow the app to access your account. Click “Accept” to continue.

  4. Check the Result

After accepting, you should be redirected to a profile page in the Keycloak account console.

Seeing this page means the SSO integration is working correctly.

Troubleshooting

If you don’t see the Entra ID login page, double-check your Identity Provider settings.

Ensure your Entra ID credentials are correct and that the user has access to the app. If the profile page doesn’t appear, verify the redirect URI in Keycloak matches your app’s settings.
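
One way to narrow down a redirect URI mismatch, as an added example that is not part of the original guide: it builds the redirect URI Keycloak uses for a brokered identity provider (`/realms/<realm>/broker/<alias>/endpoint`) and compares it with the URIs registered on the Azure app, which must match exactly. The host, realm name, alias and registered URIs are hypothetical.

```python
from urllib.parse import urlsplit


def broker_redirect_uri(keycloak_base: str, realm: str, alias: str) -> str:
    """Redirect URI Keycloak expects the identity provider to send users back to."""
    return f"{keycloak_base.rstrip('/')}/realms/{realm}/broker/{alias}/endpoint"


def diagnose(expected: str, registered: list) -> str:
    """Explain why `expected` is or is not among the registered redirect URIs."""
    if expected in registered:
        return "exact match"
    exp = urlsplit(expected)
    host_seen = False
    for uri in registered:
        reg = urlsplit(uri)
        if reg.netloc.lower() != exp.netloc.lower():
            continue
        host_seen = True
        if reg.path == exp.path and reg.scheme != exp.scheme:
            return f"scheme differs: {uri}"
        if reg.path != exp.path and reg.path.rstrip("/") == exp.path.rstrip("/"):
            return f"trailing slash differs: {uri}"
        if reg.path != exp.path and reg.path.lower() == exp.path.lower():
            return f"path case differs: {uri}"
        # Older Keycloak deployments serve everything under an /auth prefix.
        if reg.path.replace("/auth/realms/", "/realms/", 1) == exp.path:
            return f"legacy /auth prefix registered: {uri}"
    return "host registered, but no exact match" if host_seen else "host not registered"


if __name__ == "__main__":
    # Hypothetical deployment values and a constructed registration list.
    expected = broker_redirect_uri("https://sso.example.com", "example-realm", "microsoft")
    registered = ["https://sso.example.com/auth/realms/example-realm/broker/microsoft/endpoint"]
    print(expected, "->", diagnose(expected, registered))
```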

Tips for Success

  • Test Thoroughly: Try logging in with different accounts.
  • Check Documentation: Refer to Entra ID docs if needed.
  • Backup Configurations: Save your Entra ID settings.

Integrating Tridens Monetization with Entra ID for SSO simplifies user authentication for your web application while leveraging Entra ID’s robust user management.

By following these steps, you can set up a secure and efficient login system.

Thiong'o Waweru
Thiong'o Waweru is a content writer who brings clarity to complex topics like telecom billing, EV charging, and AI-powered solutions. With a knack for simplifying technical ideas, he crafts content that bridges the gap between tech teams and real-world users.
