Skip to content

Keycloak Integration Guide

Keycloak provides a secure solution for Identity and Access Management (IAM). This guide will walk you through the steps to integrate Keycloak with Enterprise.

Setting Up Keycloak

Accessing the Keycloak Console

  1. Begin by navigating to the Keycloak console in your browser.

Choosing a Realm

  1. Realm Selection:
    • For a New Realm: Click Create Realm. Provide a name for your new realm and proceed.
    • For an Existing Realm: Select an existing realm from the dropdown menu if applicable. Keycloak Console

Creating and Configuring the Client

  1. Navigate to the Clients tab. Clients Tab

  2. Click Create client and enter the following details:

    • Client ID: (e.g., refact_client)
    • Name: (e.g., Refact Client) Client Creation Form
  3. Adjust the Capability config to:

    • Enable Client Authentication
    • Set Authorization to OFF
    • For Authentication Flow, select only Direct Access Grants, Service Accounts Roles, and Standard flow and deselect other options. Capabilities Config
  4. Configure the Access Settings as follows:

    • Valid Redirect URIs: The URL of your Enterprise inference. For example, https://enterprise.inference-server.local/* (replace enterprise.inference-server.local with your Enterprise URL and make sure to include the trailing slash and an asterisk at the end)
    • Web Origins: The URL of your Enterprise inference. For example, https://enterprise.inference-server.local/ Access Settings
  5. Leave both Root URL and Home URL fields empty in the Login Settings tab. Login Settings

Adding a Service Role to the Client

  1. In your newly created client, add a service role. Refact Client

  2. Click Assign role and modify Filter by realm roles to Filter to clients. Then, in the search field, input view-users. Role Assignment Adding View-users Role

  3. Go to the Credentials tab, locate, and save the Client Secret value. Client Secret

Configuration Summary

Ensure your settings are as follows for successful integration:

client_id = refact_client
client_secret = ***** (Your generated client secret)
realm = your_realm_name
url =

Integrating Keycloak with Enterprise

Regular User Flow

  1. Navigate to your Enterprise instance. Press Continue to Keycloak. Refact Enterprise Login You will be redirected to the Keycloak, enter your credentials and click Sign in.

  2. You will be redirected to your Enterprise instance. You will see your user profile information:

    • Account Login
    • Plugin API Key
    • Your team

Refact Enterprise User

Admin User Flow

  1. Navigate to your Enterprise instance. Press Administrator login. Refact Enterprise Login

  2. Fill in your admin token. Admin Console

  3. Press the Auth tab in the settings dropdown. Refact Integrations

  4. Input the previously configured Keycloak settings. Confirm by clicking Save Settings. Keycloak Settings