User Federation for SSO Login
This document covers onboarding users via keycloak User Federation and onboarding LDAP-connected applications. The LDAP connector is not needed to link keycloak to ldap.
Info about the settings
This assumes that the ldap bind user can add users to ldap.
If ldap (User Federation) is set to Edit Mode, Sync Registrations is on and Import Users is on in keycloak:
- The user will be added to ldap at the base of the Users DN set in keycloak.
- The user’s Credential will be listed as Provided By LDAP.
- The user will get a random password in ldap.
If ldap (User Federation) is set to read only and Import Users is on or off in keycloak:
- The user’s Credential will be listed as Provided By keycloak.
- If the user is later added to ldap, keycloak sync will fail for that user.
If ldap (User Federation) is set to Edit Mode, Sync Registrations is off and Import Users is on or off in keycloak:
- The user’s Credential will be listed as Provided By keycloak.
- If the user is later added to ldap, keycloak sync will fail for that user.
If ldap (User Federation) is set to Edit Mode, Sync Registrations is on and Import Users is on in keycloak and you have a mapper error:
- No error will be shown and the user will not be added to keycloak or ldap.
Config tenant
1. Go to keycloak admin for your tenant.
2. Under IDHub Realm go to User Federation.
3. Pick ldap under Add Provider.
4. Settings will vary based on your ldap directory config.
5. Save and Synchronize all users (any errors will pop up along with the number of users imported).
6. Go to Manage/Users and check that the ldap users show up.
If Edit Mode is on, clicking delete will remove them from LDAP.
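The same provider can be created without the console. The script below is an added example, not part of this document or of keycloak itself: it sends the settings from the steps above (Edit Mode = WRITABLE, Sync Registrations on, Import Users on) to the keycloak admin REST API, triggers the equivalent of "Synchronize all users", and includes a small helper that applies the rules from the settings section to predict where a new user's credential will live. The host, realm name, admin credentials, bind DN and LDAP attribute values are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original document: create the LDAP User Federation
# provider through the keycloak admin REST API with the same settings the console steps
# use, then run a full sync. Host, realm, admin credentials and LDAP values below are
# placeholders; replace them for a real tenant.
set -eu

KC_URL="${KC_URL:-https://keycloak.example.invalid}"   # placeholder admin host
REALM="${REALM:-IDHub}"

# Predict where a newly registered user's credential ends up, following the rules
# in the settings section.
# Args: editMode (WRITABLE|READ_ONLY|UNSYNCED) syncRegistrations (true|false) importEnabled (true|false)
credential_provider() {
  edit_mode="$1"; sync_reg="$2"; import_users="$3"
  if [ "$edit_mode" = "WRITABLE" ] && [ "$sync_reg" = "true" ] && [ "$import_users" = "true" ]; then
    echo "ldap"      # user is created under the Users DN with a random LDAP password
  else
    echo "keycloak"  # credential stays in keycloak; adding that user to LDAP later breaks sync
  fi
}

# Build the component payload. Keycloak stores every config value as a one-element array.
ldap_component_json() {
  edit_mode="$1"; sync_reg="$2"; import_users="$3"
  cat <<EOF
{
  "name": "ldap",
  "providerId": "ldap",
  "providerType": "org.keycloak.storage.UserStorageProvider",
  "config": {
    "enabled": ["true"],
    "editMode": ["$edit_mode"],
    "syncRegistrations": ["$sync_reg"],
    "importEnabled": ["$import_users"],
    "vendor": ["other"],
    "connectionUrl": ["ldaps://ldap.example.invalid:636"],
    "usersDn": ["ou=users,dc=example,dc=invalid"],
    "bindDn": ["cn=keycloak-bind,dc=example,dc=invalid"],
    "bindCredential": ["${LDAP_BIND_PASSWORD:-bind-password-placeholder}"],
    "authType": ["simple"],
    "usernameLDAPAttribute": ["uid"],
    "rdnLDAPAttribute": ["uid"],
    "uuidLDAPAttribute": ["entryUUID"],
    "userObjectClasses": ["inetOrgPerson, organizationalPerson"]
  }
}
EOF
}

# Admin token from the master realm's admin-cli client (password grant, as the console uses).
# The sed extraction keeps the script dependency-free; use jq where it is available.
admin_token() {
  curl -sS -X POST "$KC_URL/realms/master/protocol/openid-connect/token" \
    -d grant_type=password -d client_id=admin-cli \
    -d "username=$KC_ADMIN_USER" -d "password=$KC_ADMIN_PASSWORD" \
  | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'
}

# POST the provider; keycloak answers 201 with a Location header carrying the new component id.
create_ldap_provider() {
  token="$1"
  ldap_component_json WRITABLE true true \
  | curl -sS -D - -o /dev/null -X POST "$KC_URL/admin/realms/$REALM/components" \
      -H "Authorization: Bearer $token" -H "Content-Type: application/json" --data-binary @- \
  | grep -i '^location:' | sed 's#.*/components/##' | tr -d '\r'
}

# Same as "Synchronize all users" in the console; the JSON reply counts added/updated/failed users.
full_sync() {
  token="$1"; component_id="$2"
  curl -sS -X POST "$KC_URL/admin/realms/$REALM/user-storage/$component_id/sync?action=triggerFullSync" \
    -H "Authorization: Bearer $token"
}

# Run the whole procedure only when invoked as: ./ldap-federation.sh apply
if [ "${1:-}" = "apply" ]; then
  token="$(admin_token)"
  id="$(create_ldap_provider "$token")"
  echo "provider $id created; new registrations stored by: $(credential_provider WRITABLE true true)"
  full_sync "$token" "$id"
fi
```

The `failed` count in the sync reply is the place to look when a mapper is misconfigured, since the console shows nothing for a user that silently fails to import.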