deskbird supports secure Single Sign-On (SSO) via Keycloak, an open-source identity and access management solution. This setup ensures centralized user authentication and automatic synchronization of user and group data between your identity provider and deskbird.
This article guides you through integrating deskbird with Keycloak using SAML.
- Create a SAML Client in Keycloak
- Configure Redirect and Assertion URLs
- Add Mappers
- Provide us with your public key certificate
1. 🛠️ Create a SAML Client in Keycloak
Navigate to Clients > Create and configure the client as shown below:
| Field | Value |
|---|---|
| Client ID | https://api.deskbird.app/saml/metadata |
| Name | deskbird |
| Client Protocol | saml |
| Login Theme | keycloak |
| Enabled | ON |
| Include AuthnStatement | ON |
| Sign Documents | ON |
| Sign Assertions | ON |
| Signature Algorithm | RSA_SHA256 |
| SAML Signature Key Name | KEY_ID |
| Canonicalization Method | EXCLUSIVE |
| Encrypt Assertions | OFF |
2. 🔁 Configure Redirect and Assertion URLs
Set the following fields in your Keycloak client:
| Field | Value |
|---|---|
| Name ID Format | |
| Root URL | https://app.deskbird.com |
| Valid Redirect URIs | https://app.deskbird.com/__auth/handler |
| Assertion Consumer Service POST Binding URL | https://app.deskbird.com/__auth/handler |
| Assertion Consumer Service Redirect Binding URL | https://app.deskbird.com/__auth/handler |
| Logout Service POST Binding URL | https://app.deskbird.com/__auth/handler |
3. 🧩 Add Mappers
Go to Clients > https://api.deskbird.app/saml/metadata > Mappers and add the following:
Firstname & Lastname
Use the same setup for both:
| Field | Value |
|---|---|
| Mapper Type | User Property |
| Property | firstName / lastName |
| Friendly Name | first_name / last_name |
| SAML Attribute Name | first_name / last_name |
| NameFormat | Basic |
Email (for NameID)
| Field | Value |
|---|---|
| Mapper Type | User Attribute Mapper For NameID |
| Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified |
| User Attribute |
(Optional) Email Mapper
| Field | Value |
|---|---|
| Mapper Type | User Property |
| Property | |
| Friendly Name | |
| SAML Attribute Name | |
| NameFormat | Basic |
4. 📩 Provide us with your public key certificate
Important: Once you’ve completed the Keycloak setup, please reach out to your deskbird Customer Success Manager, or deskbird Support via support@deskbird.com and share your public key certificate. This is required to finalize the SAML integration.