Keycloak SSO

In this guide, you're going to learn how to connect your Keycloak realm with Better Stack to enable single sign-on (SSO) for you and your colleagues.

SSO set-up walkthrough

  1. Start the SSO set-up by going to Single Sign-On configuration. Note that only organization admins have access to these settings.

  2. On this page, click Connect on the Generic SAML SSO panel.

  3. Select Keycloak from the list of supported providers.

  4. Take note of the value in the Entity ID field; we're going to need it in a second.

We're going to switch to the Keycloak dashboard now.

  1. Sign in to your Keycloak admin console.

  2. In the upper left corner, select the realm you want to connect to Better Stack (or create a new one).

  3. In the left menu, select Clients and click Create client.

  4. Fill in this data:

    • Client type: SAML
    • Client ID: the Entity ID from the configuration page in Better Stack
    • Name: any name

  5. On the next page, you can keep all the fields blank except Valid redirect URIs, where you should enter https://betterstack.com/*

  6. On the next page, turn on the Sign assertions option.

  7. At the top, switch to the Keys tab and turn off the Client signature required option.

  8. At the top, switch to the Client scopes tab and click the scope with your Entity ID in its name.

  9. On this page, click Add predefined mapper and select the X500 email, X500 givenName, and X500 surname options. Click Add.

  10. Click on X500 email and change SAML Attribute Name to email. Go back.

  11. Click on X500 givenName and change SAML Attribute Name to first_name. Go back.

  12. Click on X500 surname and change SAML Attribute Name to last_name. Go back.

  13. In the left menu click on Realm settings.

  14. At the bottom of the page click on SAML 2.0 Identity Provider Metadata. This will open an XML file.

  15. Copy the content of the <ds:X509Certificate> element and paste it into the X.509 Certificate field in the Better Stack configuration.

  16. Copy the Location attribute (a URL) from the <md:SingleSignOnService> element whose Binding attribute is "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" and paste this URL into the Identity Provider Single Sign-On URL field in the Better Stack configuration.

  17. Click Connect in the Better Stack configuration. You will be redirected to the Keycloak sign-in page. Sign in with the account you assigned to the Better Stack application.

Tada! Your Keycloak Single Sign-On is now configured.