Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How can I configuration SAML in Keyclock to use atlassian cloud

How can I  configuration SAML  SSO in Keyclock to use atlassian cloud?

I got document to configure here

But Keycloak  unsupported and document not have details enough to setting.

please help guide and show configure example.

2 answers

2 accepted

2 votes
Answer accepted

Start by creating a SAML client in Keycloak. Call it whatever you like because we'll be changing it later.

In the Keycloak client configuration, turn OFF "Client Signature Required" and click on "Save".

In Atlassian Access, you need to provide three values:

"Identity provider Entity ID" - this will be your server's URL followed by /auth/realms/<realm name>

"Identity provider SSO URL" - this will be your server's URL followed by /auth/realms/<realm name>/protocol/saml

"Public x509 certificate" - this can be obtained from Keycloak. On our server, I found in under Realm Settings - Keys, then clicking on the Certificate button.

With the values entered, Atlassian Access will give you two URIs - SP Entity ID and SP Assertion Consumer Service URL.

Edit the SAML client you created in Keycloak. Change the client ID to be the "SP Entity ID" value. Copy the "SP Assertion Consumer Service URL" and paste it into "Valid Redirect URIs" and "Base URL". Click "Save".

That should do it. Just remember that SSO only works for validated domains.

Hey @Philip Colmer ,

I can confirm that your user Guide works!

Thx a lot for sharing!

Cheers & best,


Excellent, it worked for me too! @Daniel , could you please correct the documentation? The older general instructions and screenshots are wrong.

Like Daniel likes this

@Preston Lee i believe this message was not meant for me.

0 votes
Answer accepted
Daniel Eads Atlassian Team Aug 31, 2018

Hi Thanapon,

We don't specifically support / test against Keycloak, so it's covered in the Unsupported identity providers section of our setup document. The details in that section apply in general to any SSO provider that supports SAML (which Keycloak does).

On the other side of the equation, you can follow Keycloak's own documentation for setting up a Client for Atlassian Access to use.


Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Atlassian Access

Atlassian Access Demo Q&A Recap

Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...

514 views 1 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you