IdP Wizard for Keycloak

A guided, self-serve flow that lets your customers configure their own SAML or OIDC identity provider — without filing a support ticket or learning the Keycloak admin console.

The problem

SSO setup is the slowest part of every B2B onboarding

Configuring SAML or OIDC in the Keycloak admin console is fast for engineers and miserable for everyone else.

  1. Field names don't match

    Keycloak's terminology doesn't line up with what Okta, Azure AD, or Google Workspace call the same fields — every step is a translation exercise.

  2. One typo silently breaks login

    Certificates, metadata URLs, and entity IDs are unforgiving. Mistakes don't fail loudly; they just produce a broken login flow at 3am.

  3. Every customer needs a screen-share

    For B2B teams, this turns every new customer SSO setup into a support engagement with a senior engineer in the loop.

Why we built it

Customer SSO should be self-serve, not a support ticket

The Keycloak admin console is the right tool for the engineer who owns the realm — and the wrong tool to put in front of a customer.

  1. Step-by-step, per provider

    Tailored flows for Okta, Azure AD, Google Workspace, OneLogin, ADFS, and generic SAML/OIDC — with screenshots and the exact fields each provider asks for.

  2. Validate before saving

    The wizard tests the connection before writing config. Certificate mismatches and callback typos surface as errors, not as broken logins.

  3. Built to embed in your product

    Drop the wizard inside the Admin Portal or surface it as a standalone page. Customers configure SSO from inside your app, not inside Keycloak.

  4. Removes the biggest support cost

    SSO onboarding was the single largest support burden we saw across teams running Keycloak in B2B. This was our answer.

What teams use it for

Customer-led SSO setup

Embed the wizard into your app and let customer IT admins finish their SSO setup without a Phase Two or Keycloak login.

Provider-specific guidance

Step-by-step instructions tailored to Okta, Azure AD, Google Workspace, OneLogin, ADFS, and generic SAML/OIDC providers.

Pre-flight validation

Test the connection before saving. Catch certificate mismatches, callback URL typos, and metadata issues before they break login.

Per-organization attachment

Combined with the Organizations extension, each org gets its own wizard-configured IdP — fully scoped to that tenant.

Key capabilities

Guided multi-step flows

A consistent UX for every supported provider. Users follow numbered steps with screenshots, paste in the URLs and certificates the wizard asks for, and finish with a working IdP.

Embeddable in your app

Drop it into the Admin Portal or surface it as a standalone page. Customers configure SSO from inside your product, not inside Keycloak.

Get started

Install from GitHub

Available as a Keycloak theme/extension bundle. Build from source or pull the pre-built release.

p2-inc/idp-wizard

Read the docs

Setup, supported providers, and how to embed the wizard inside the Admin Portal.

IdP Wizard docs

Skip the install

Phase Two managed Keycloak ships with the IdP Wizard wired into the Admin Portal.

Try the hosted version
