Overview
Torii integrates with Keycloak and syncs users, licenses, and apps discovered by signing in through Keycloak.
Prerequisites
To integrate with Torii, you will be required to provide the following: Host name, Port, Realm, Username, Password, and Client ID.
Find the instructions below.
- From your Keycloak admin console, select the realm environment you want to sync
- From the "Clients" tab, select the client you want to be associated with Torii, or create a new Client
- Make sure that the Direct access grant is checked
- Create an admin user
- Give your user a Username
- Enter the user's Email. Note: entering the Email is not mandatory in Keycloak; however, it will assist Torii in recognizing the user
- Once you click on "Create," the "User details" window will open
- Go to the Credentials tab and click on Set Password
- Set a password
- We highly recommend disabling the "Temporary" toggle so that the password is not set as temporary
- Click Save
- Go to the Role mapping tab
- Click on Assign role
- Go to the filter and select Filter by clients
- In the search field, write "admin"
- Select "realm-admin" on "Realm-management" and click "Assign"
- The role was added
- To view the application's logins via Keycloak, go to Realm settings >> Events >> User and events settings tab, and ensure the "Save events" toggle is enabled
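A pre-flight check for the setup above, as an added example that is not part of Torii's or Keycloak's own documentation: it builds the token request that the Direct access grant setting enables, then inspects the replies for the realm-admin role and the "Save events" setting. Assumptions: a public client (no client secret), Keycloak's default mappers that place client roles under `resource_access`, and placeholder host, realm, client and user names.

```python
import base64, json
from urllib import parse, request

def token_request(host, port, realm, client_id, username, password, base_path=""):
    """Build the direct access grant (OAuth2 password grant) request. Nothing is sent.
    base_path is an assumption: "" on current Keycloak, "/auth" on older releases."""
    url = (f"https://{host}:{port}{base_path}/realms/{parse.quote(realm)}"
           "/protocol/openid-connect/token")
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password}
    return request.Request(url, data=parse.urlencode(form).encode(), method="POST")

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is not verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def preflight(token_response, events_config):
    """Check the token endpoint reply and the realm's events config
    (GET /admin/realms/{realm}/events/config); return a list of problems."""
    if "error" in token_response:  # OAuth error JSON: grant disabled, bad credentials, ...
        return [f"login failed: {token_response['error']}: "
                f"{token_response.get('error_description', '')}"]
    problems = []
    access = jwt_claims(token_response["access_token"]).get("resource_access", {})
    if "realm-admin" not in access.get("realm-management", {}).get("roles", []):
        problems.append("user lacks realm-admin on realm-management")
    if not events_config.get("eventsEnabled"):
        problems.append("Save events is off")
    return problems

def sample_token(roles):
    """Constructed, unsigned token carrying only the claim preflight() reads."""
    body = json.dumps({"resource_access": {"realm-management": {"roles": roles}}})
    return "e30." + base64.urlsafe_b64encode(body.encode()).decode().rstrip("=") + ".sig"

if __name__ == "__main__":
    # Placeholder values; replace with your own host, realm, client and user.
    req = token_request("keycloak.example.com", 8443, "demo", "torii", "torii-sync", "***")
    print(req.full_url)
    print(preflight({"access_token": sample_token(["realm-admin"])}, {"eventsEnabled": True}))
    print(preflight({"access_token": sample_token([])}, {"eventsEnabled": False}))
```

Against a live server, send the request with `urllib.request.urlopen`, parse both JSON replies, and pass them to `preflight`; an empty list means the prerequisites are in place.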
To connect Keycloak to Torii, follow the steps below:
- Go to the Integrations page and select the Keycloak tile
- Connect to Keycloak
- In the Connect Keycloak window, enter the Host name
- Enter the Port
- Enter your Realm environment name (from the previous section, step 1)
- Enter the Username (from the previous section, step 5)
- Enter the Password (from the previous section, step 8)
- Enter the Client ID
- Click Connect
- Once the integration is connected and synced, it will display a green checkbox
Update the User Lifecycle settings
To ensure you get the user lifecycle information in Torii, define Keycloak as your Identity Provider management system.
- Under Settings >> User Lifecycle, click on the Edit button to review the options.
- Select Keycloak
- If Keycloak is your only source for user management, make sure to uncheck the Azure and Google Workspace checkboxes
- Click Preview changes