Integrating with Keycloak

To integrate with Keycloak, follow the steps:


  • You require administrator privileges in Keycloak.

Get the Service Provider metadata

To make the configuration easier, a Service Provider Metadata XML file is provided. It can be downloaded from the SAML settings dialog:


To save the file for later use, click METADATA DOWNLOAD.


You are assumed to have an existing realm in Keycloak. The following example uses SAML-DEMO.


Creating the SAML client in Keycloak

  1. Switch to Configure > Clients and click Create.

    Keycloak client

  2. Click Select file, and choose the previous downloaded service provider metadata.xml.

    Keycloak import

  3. Click Save. You return to the newly imported client edit page.

    Keycloak save

  4. You need to download the SAML 2.0 IdP metadata. Switch to Realm Settings and click SAML 2.0 Identity Provider Metadata.

    Keycloak metadata

  5. Save the content as descriptor.xml, switch to the Instana-SAML setup page and upload the file. By pressing Save, you activate the SAML integration.

    Keycloak upload

Adding users to Instana

With SAML enabled this is now the only way for your users to access Instana. To enable users, you must get the SAML app assigned to them. So open the application overview in Keycloak, and select to assign a user from the dropdown list.

NOTE: Make sure that every user has an associated email address.

Each new user can receive the default role when first logging in.