search

asteriskKeycloak Integration

This guide explains how to integrate Keycloak with Oobeya to enable Single Sign-On (SSO) authentication for your users.

hashtag
Overview

By integrating Keycloak as an identity provider, Oobeya can authenticate users via your existing IAM setup, improving security, user experience, and centralized access management.

hashtag
Prerequisites

Before you begin, make sure you have:

  • Access to a Keycloak instance with admin privileges

  • Access to Oobeya Admin Panel

  • Your Keycloak Base URL

  • Your Oobeya Base URL

hashtag
Part 1: Configure Keycloak

hashtag
Step 1: Create a New Client

  1. Log in to the Keycloak Admin Console

  2. Select your Realm (or create a new one)

  3. Navigate to Clients from the left menu

  4. Click Create

hashtag
Step 2: General Settings

Configure the client with the following values:

Setting
Value

Client ID

oobeya-client

Name

Oobeya (optional)

Description

Integration with Oobeya platform (optional)

Always display in UI

On

hashtag
Step 3: Access Settings

Setting
Value
Example

Root URL

{{YOUR_OOBEYA_BASE_URL}}

https://app.oobeya.ioarrow-up-right

Home URL

{{YOUR_OOBEYA_BASE_URL}}/*

https://app.oobeya.io/arrow-up-right*

Valid Redirect URIs

{{YOUR_OOBEYA_BASE_URL}}/*

https://app.oobeya.io/arrow-up-right*

Valid Post Logout Redirect URIs

Optional

Leave empty or define explicitly

Web Origins

{{YOUR_OOBEYA_BASE_URL}}

Add dev URLs if required

Admin URL

{{YOUR_OOBEYA_BASE_URL}}

https://app.oobeya.ioarrow-up-right

hashtag
Step 4: Capability Configuration

Set authentication flows as follows:

  • Client Authentication: On

  • Authorization: Off

  • Authentication Flow:

    • ✅ Standard Flow

    • ⛔ All others disabled

⚠️ Important: Only Standard Flow should be enabled for Oobeya.

hashtag
Step 5: Client Credentials

  1. Open the Credentials tab

  2. Copy the Client Secret

  3. Store it securely — it will be required in Oobeya

hashtag
Part 2: Configure Oobeya

hashtag
Step 1: Open Keycloak Settings

  1. Log in to Oobeya as an Administrator

  2. Navigate to Settings > Keycloak Authentication

hashtag
Step 2: Enable Keycloak Authentication

Enable the toggle:

Configure Keycloak settings to authenticate users

hashtag
Step 3: Connection Settings

Fill in the required fields:

Field
Description
Example

Base URL

Keycloak server URL

https://keycloak.company.comarrow-up-right

Callback URL

Oobeya callback endpoint

{{YOUR_OOBEYA_BASE_URL}}/callback

Realm

Keycloak realm name

oobeya

Client ID

Must match Keycloak

oobeya-client

Client Secret

From Keycloak

********

hashtag
Step 4: User Management Options

Do not allow login if user does not exist in Oobeya

  • Default: Enabled

  • Requires users to be pre-created in Oobeya

Create a profile for every user logging in via Keycloak

  • Default: Enabled

  • Automatically creates user profiles on first login

Recommended Configurations

  • Controlled access: Enable both options

  • Automatic provisioning: Disable user existence check, enable profile creation

hashtag
Step 5: Save Configuration

  • Review all settings

  • Click Save to apply

  • Use Reset to discard changes

hashtag
Part 3: Test the Integration

hashtag
Authentication Test

  1. Log out of Oobeya

  2. Open the Oobeya login page

  3. Click Login with Keycloak

  4. Authenticate via Keycloak

  5. Verify successful redirect to Oobeya

hashtag
Verify User Creation

  1. Log in as an Oobeya admin

  2. Open Users section

  3. Confirm Keycloak users are listed (if auto-provisioning is enabled)

hashtag
Troubleshooting

  • Ensure redirect URLs match exactly

  • Verify realm and client ID consistency

  • Check Keycloak logs for authentication errors

  • Validate client secret correctness

If you need help, contact Oobeya Support or your solution partner.

PreviousUser Management, Single Sign-On, Auth SettingsNextMicrosoft Entra (Azure AD) Integration

Last updated

Was this helpful?