Integrate with Keycloak
- You will require administrator privileges in Keycloak.
To make the configuration easier, we provide a Service Provider Metadata XML file. It can be downloaded from the SAML settings dialog.
To save the file for later use, click METADATA DOWNLOAD.
We assume you have an existing realm in Keycloak. Our example below uses SAML-DEMO.
- Switch to Configure > Clients and click Create
- Click Select file and choose the previously downloaded Service Provider metadata.xml.
- Click Save. You will return to the newly imported client edit page.
- We need to download the SAML 2.0 IdP metadata. Switch to Realm Settings and click SAML 2.0 Identity Provider Metadata.
- Save the content as descriptor.xml, switch to the Instana-SAML setup page and upload the file. By pressing Save you activate the SAML integration.
With SAML enabled, this is now the only way for your users to access Instana.
To give users access, the SAML app must be assigned to them.
Open the application overview in Keycloak and assign users from the dropdown.
NOTE: Make sure that every user has an associated email address.
Each new user will receive the default role when first logging in.