Integrating Microsoft Entra groups with Keycloak composite roles (optional post deployment step)

Azure Active Directory is now known as Microsoft Entra ID

You can create composite roles in Keycloak and link them to Microsoft Entra groups.

This may simplify the Keycloak identity provider configuration.

Prerequisites

To successfully create composite roles in Keycloak you need the following:

The Keycloak admin password and URLs of your kdb Insights Enterprise deployment.

Create kdb Insights Enterprise composite roles

kdb Insights Enterprise uses Keycloak as its Identity and Access Management component.

Follow the steps below to log into Keycloak and create the necessary roles.

1. Use the keycloakUrl or the insightsUiUrl + /auth/ from the section above to navigate to the Keycloak web UI.

   

2. Click on Administration Console and log in with the username user and the password you provided during the deployment.

   

3. Choose the Insights target realm from the top-left realm drop-down.

4. Click on Roles in the left-hand menu then click on the Add Role button.

   

5. Enter the Role Name: <role name> and click Save.

6. Turn Composite Roles ON.

7. Associate it with the desired roles.