This guide will help you set up SAML SSO to log in to the DMARCwise platform using Keycloak as an identity provider.
To start, you’ll first need to gather some configuration data from the DMARCwise settings:
- In the SSO settings page, click Configure.
- You’ll be provided with two URLs:
  - Entity ID
  - Assertion Consumer Service (ACS)
- Copy the Entity ID; you’ll need it shortly.
In a separate browser tab:
- Open the Keycloak Administration Console of your organization.
- Navigate to Clients from the sidebar.
- Click on Create client in the Clients list tab.
- Choose SAML as the Client type.
- Paste the Entity ID in the Client ID field.
- Type DMARCwise in the Name field.
- Click Next.
- From the DMARCwise settings, copy the Assertion Consumer Service (ACS) URL and paste it in the Valid redirect URIs field in Keycloak.
- Click Save.
After the Keycloak client is created, you must also change the following options:
- In the Advanced tab, paste the ACS URL you copied earlier in the Assertion Consumer Service POST Binding URL field and click Save.
- In the Keys tab, change the Client signature required toggle so that it’s set to Off.
- In the Client scopes tab, click the item in the list that has the text Dedicated scope and mappers for this client in the description column.
- Click Add predefined mapper.
- In the list, check X500 email, X500 givenName and X500 surname.
- Click Add.
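To confirm the client matches the settings above, you can export it from Keycloak as JSON and check the relevant fields. The script below is an added example, not part of the DMARCwise or Keycloak documentation; it assumes the export uses the attribute keys `saml_assertion_consumer_url_post` and `saml.client.signature` and lists the dedicated-scope mappers under `protocolMappers`, and the URLs and sample export are constructed placeholders.

```python
import json

# Constructed placeholders: use the two URLs shown in your DMARCwise SSO settings.
ENTITY_ID = "https://sp.example.invalid/saml/metadata"
ACS_URL = "https://sp.example.invalid/saml/acs"
REQUIRED_MAPPERS = {"X500 email", "X500 givenName", "X500 surname"}

# Constructed sample export with two deliberate deviations from the guide.
SAMPLE_EXPORT = json.loads("""
{
  "clientId": "https://sp.example.invalid/saml/metadata",
  "protocol": "saml",
  "redirectUris": ["https://sp.example.invalid/saml/acs"],
  "attributes": {
    "saml_assertion_consumer_url_post": "https://sp.example.invalid/saml/acs",
    "saml.client.signature": "true"
  },
  "protocolMappers": [
    {"name": "X500 email", "protocol": "saml"},
    {"name": "X500 givenName", "protocol": "saml"}
  ]
}
""")


def audit_client(client, entity_id, acs_url):
    """Return findings; an empty list means the export matches the guide."""
    findings = []
    attrs = client.get("attributes", {})
    if client.get("protocol") != "saml":
        findings.append("Client type is not SAML")
    if client.get("clientId") != entity_id:
        findings.append("Client ID differs from the Entity ID")
    redirects = client.get("redirectUris", [])
    if acs_url not in redirects:
        findings.append("ACS URL missing from Valid redirect URIs")
    for uri in redirects:
        if uri != acs_url:  # the guide adds the ACS URL and nothing else
            findings.append(f"Unexpected redirect URI: {uri}")
    if attrs.get("saml_assertion_consumer_url_post") != acs_url:
        findings.append("ACS POST Binding URL differs from the ACS URL")
    if attrs.get("saml.client.signature") != "false":
        findings.append("Client signature required is not Off")
    present = {m.get("name") for m in client.get("protocolMappers", [])}
    for name in sorted(REQUIRED_MAPPERS - present):
        findings.append(f"Missing predefined mapper: {name}")
    return findings


if __name__ == "__main__":
    for finding in audit_client(SAMPLE_EXPORT, ENTITY_ID, ACS_URL):
        print("FINDING:", finding)
```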
You’ll now need to gather the Keycloak SAML metadata URL for the realm in order to enable SSO in DMARCwise:
- In the Keycloak sidebar, navigate to Realm settings.
- At the bottom of the page, copy the URL of the link for SAML 2.0 Identity Provider Metadata.
Now go back to the DMARCwise SSO setup page, which you left at step 1:
- Click Next to proceed to step 2.
- Paste the URL for SAML 2.0 Identity Provider Metadata in the Metadata URL field.
- Click Enable SSO.
As an optional last step, you can configure the Home URL of the Keycloak client with the Login URL that you find in the DMARCwise SSO setup page.
Find more information about testing and enforcing SSO in Setting up SSO.