Integrate with Keycloak


  • You will require administrator privileges in Keycloak.

Get the Service Provider Metadata

To make the configuration easier, we provide a Service Provider Metadata XML file. It can be downloaded from the SAML settings dialog:


To save the file for later use, click METADATA DOWNLOAD.


We assume you have an existing realm in Keycloak. Our example below uses SAML-DEMO.


Creating the SAML client in Keycloak

  1. Switch to Configure > Clients and click Create

Keycloak client

  1. Click Select file and choose the previous downloaded service provider metadata.xml

Keycloak import

  1. Click Save. You will return to the newly imported client edit page.

Keycloak save

  1. We need to download the SAML 2.0 IdP metadata. Switch to Realm Settings and click SAML 2.0 Identity Provider Metadata.

Keycloak metadata

  1. Save the content as descriptor.xml, switch to the Instana-SAML setup page and upload the file. By pressing Save you activate the SAML integration.

Keycloak upload

Adding Users to Instana

With SAML enabled this is now the only way for your users to access Instana.

To actually enable users they have to get the SAML app assigned to them.

So open the application overview in Keycloak and select to assign a users from the dropdown.

NOTE: Make sure that every user has an associated eMail-address.

Each new user will receive the default role when first logging in.