Keycloak (SAML)

Use Hanzo IAM as a SAML IdP in Keycloak.

This guide configures Hanzo IAM as a SAML v2.0 identity provider in Keycloak.

Add the SAML IdP in Keycloak

  1. In the Keycloak admin console, go to Identity providers and add SAML v2.0.
  2. On the IdP configuration page, set Alias and paste the Hanzo IAM metadata URL into Import from URL (you can copy this from the Hanzo IAM application edit page).
  3. Click Import so Keycloak fills the SAML settings.
  4. Note the Service Provider Entity ID and save.

Info: See Keycloak SAML Identity Providers for full options.

Configure the application in Hanzo IAM

In the Hanzo IAM application edit page:

  • Add a Redirect URL that matches the Service Provider Entity ID from Keycloak.
  • Enable SAML compress for Keycloak.

Sign in with Hanzo IAM SAML

On the Keycloak login page, use the button for the Hanzo IAM SAML provider. You will be redirected to Hanzo IAM to sign in, then back to Keycloak. Assign users to the application as needed.
