Integrate Microsoft Entra Groups with Keycloak Composite Roles

This page describes how to integrate Microsoft Entra Groups with Keycloak Composite Roles to simplify the Keycloak identity provider configuration.

Note

Azure Active Directory is now known as Microsoft Entra ID.

This is an optional post deployment step.

Prerequisites

To successfully create composite roles in Keycloak, you need the Keycloak admin password and URLs of your kdb Insights Enterprise deployment.

KeycloakPassword

URL

Create kdb Insights Enterprise composite roles

kdb Insights Enterprise uses Keycloak as its Identity and Access Management component.

Follow the steps below to log into Keycloak and create the necessary roles.

  1. Use the keycloakUrl or the insightsUiUrl + /auth/ from the Prerequisites section to navigate to the Keycloak web UI.

    Keycloak

  2. Click Administration Console and log in with the username user and the password you provided during the deployment.

    SignIn

  3. Choose the Insights target realm from the top-left realm drop-down.

  4. Click Roles in the left-hand menu, and then click the Add Role button.

    AddRole

  5. Enter the Role Name: <role name> and click Save.

  6. Turn Composite Roles ON.

  7. Associate it with the desired roles.