Keycloak configuration

Configuration in the Keycloak Web Console

Login to your Keycloak instance with administrator privileges and enter the Administration Console

Select the realm of the users who should be synchronized and click on Clients in the left-hand navigation bar.
Click on the Create client button of the client view to register a new client for the User & Group Sync connector

Provide a name for the Client ID and make sure that the Client type is OpenID Connect and click on Next.

In the Capability config tab, enable both the Client authentication and Authorization options, and have the other options as the following screenshot, then click on Next:

Keep the settings in the next tab as is, and click on Save.

The following assignment might not be required when registering a client in the master realm.

Switch to the Service account roles tab and click on the Assign role button.

Select "Filter by clients" and search for "manage-users" then click enter. Choose "realm-management / manage-users" and click on Assign.

The settings should look like the below now:

Go to the Credentials tab, and copy the Client secret. You may regenerate it at any time.

Configuration in User & Group Sync Configuration page

Navigate to the administration console for Jira, Confluence, or Bitbucket

Confluence: search for USERS & SECURITY under which you'll find User & Group Sync
Jira: navigate to the User management tab in which you'll find User & Group Sync
Bitbucket: navigate to Administration/ Accounts you'll find User & Group Sync listed here

Click on Add Connector and choose Keyloak Connector.

Set a name, insert your Keycloak URL appending /auth at the end, and provide

realm name
client-id
secret

as per your Keycloak setup earlier. Use the Save and Test Connection button to check if User Sync can connect to Keycloak successfully.

To schedule a periodic synchronization of your Keycloak directory with User & Group Sync, click on Show Advanced Settings at the very bottom of the page.
Enable Scheduled Synchronization needs to be checked, the default cron expression would then cause a sync every day at 2 am.

Click Save and Return to finish the configuration.

You are now ready to toggle a full sync. Simply click the "Sync" button.

Please read here, if you already have users in your system which you want to migrate, without losing their history. Don't hesitate to reach out to https://www.resolution.de/go/support, if you need any help with achieving this.

Keycloak configuration

Configuration in the Keycloak Web Console

Configuration in User & Group Sync Configuration page

Additional Resources:

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products.

Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.

Configuration in the Keycloak Web Console

Configuration in User & Group Sync Configuration page

Additional Resources:

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products. Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products.

Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.