Keycloak SSO
Use this guide when your organization signs in with Keycloak. Lettermint connects to a Keycloak OpenID Connect client.
Before you start
You need access to the Keycloak realm that should authenticate Lettermint users. Keycloak recommends using specific HTTPS redirect URIs for production web applications.
Keycloak setup
- Open the Keycloak Admin Console.
- Select the realm used by your organization.
- Create an OpenID Connect client for Lettermint.
- Configure the client as confidential.
- Add the Lettermint OIDC callback URL from the SSO guide to Valid redirect URIs.
- Copy the client ID and client secret.
- Note the realm URL.
Lettermint setup
In the Lettermint SSO setup screen, choose Keycloak and enter:
| Field | Value |
|---|---|
| Domain | Your managed email domain, for example example.com. |
| Metadata URL | https://{instance}/realms/{realm}/.well-known/openid-configuration |
| Client ID | The Keycloak client ID. |
| Client secret | The Keycloak client secret. |
Replace {instance} with your Keycloak hostname and {realm} with the realm name.
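Before saving the form, you can sanity-check the discovery document that the Metadata URL returns. The script below is an added example, not part of Lettermint or Keycloak; the hostname, realm and sample documents are constructed, and it assumes the integration uses the authorization code flow.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"

def check_discovery(metadata_url, doc):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    parts = urlsplit(metadata_url)
    if parts.scheme != "https":
        problems.append("metadata URL is not HTTPS")
    if "/realms/" not in parts.path or not parts.path.endswith(SUFFIX):
        problems.append("metadata URL does not match /realms/{realm}" + SUFFIX)
    # OIDC Discovery: issuer must equal the metadata URL with the suffix removed.
    expected = metadata_url[:-len(SUFFIX)] if metadata_url.endswith(SUFFIX) else None
    if doc.get("issuer") != expected:
        problems.append(f"issuer {doc.get('issuer')!r} does not match {expected!r}")
    # Endpoints that carry credentials, codes or signing keys must use TLS.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not HTTPS")
    # Assumption: the integration uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' is not advertised")
    return problems

# Constructed sample input (hostname and realm are made up), so this runs offline.
# In practice, doc is the parsed JSON fetched from the Metadata URL.
URL = "https://keycloak.example.com/realms/acme" + SUFFIX
BASE = "https://keycloak.example.com/realms/acme/protocol/openid-connect"
GOOD = {
    "issuer": "https://keycloak.example.com/realms/acme",
    "authorization_endpoint": BASE + "/auth",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/certs",
    "response_types_supported": ["code", "id_token"],
}
# Same document, but for the wrong realm and with a plaintext token endpoint.
BAD = dict(GOOD, issuer="https://keycloak.example.com/realms/master",
           token_endpoint="http://keycloak.example.com/token")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(URL, doc) or "ok")
```

An issuer mismatch usually means the realm name in the URL is wrong or the Keycloak hostname setting differs from the address you used.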