Before you can configure Single Sign-On (SSO) integration with the Lumu Portal using Keycloak, ensure that you have the following:
1. Access your Realm and go to Realm Settings (1). Scroll down to Endpoints, and click the SAML 2.0 Identity Provider Metadata (2).
2. Copy the link to the Identity Provider Metadata; you'll need it in the following steps. Then right-click the file and save it as an .xml file. You will need to send it to the Lumu Support team later.
3. In the left-hand menu, navigate to Identity Providers (1). Then, expand Add provider (2), and select SAML v2.0 (3).
4. Paste the previously copied link into the SAML Entity Descriptor field, then click Add (1).
5. Open your newly created provider, and right-click the SAML 2.0 Service Provider Metadata link. Select Save link as…, and save it with an .xml extension.
6. In the left-hand menu, go to Clients (1), then click Import client (2).
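7. Upload the .xml file you downloaded in step 5 into the Resource file field. Then disable the Client signature required option, and click Save. With this option disabled, Keycloak does not validate signatures on SAML requests coming from this client.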
8. Open your newly imported client and paste the following in the Valid redirect URIs field:
https://managed.lumu.io/api/msp/users/saml/auth
Then scroll further down, set Name ID format (1) to email, and enable Force Name ID format (2).
9. Finally, share the .xml file you saved in step 2 with Lumu Support. They will complete the setup and configuration on their end. Once the SSO implementation is complete, Lumu Portal users will be able to log in using Keycloak.
If you encounter any issues or have questions during the configuration process, contact Lumu Support for assistance.