# KeyCloak

### KeyCloak as Identity Provider

To use KeyCloak as an Auth Provider, you must install and maintain your own KeyCloak installation. A Docker installation is quick to set up.

<https://www.keycloak.org/getting-started/getting-started-docker>

In KeyCloak, you first have to set up a "Realm". This is a tenant within KeyCloak. Select (or create) your Realm using the menu in the top left corner.

In your Realm, you can then create and configure a Client. Shown here is the minimal configuration needed to enable Sign in and Sign up with KeyCloak for OpenFlower.

### Set up a KeyCloak Client

Choose a name and id for your Client.

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-f85443d04b911edad2ebe0e7db884c1ffafe514d%2FKeyCloak%20Client%20setup%201.png?alt=media" alt=""><figcaption></figcaption></figure>

Make sure that "Standard Flow" is activated, as well as "Client authentication" and "Authorization". KeyCloak issues the needed Client-Secret only when these options are checked.

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-79629a3b0e60e4793289d51b42a1b8c28d36ff74%2FKeyCloak%20Client%20setup%202.png?alt=media" alt=""><figcaption></figcaption></figure>

Configure the OpenFlower redirect URLs.

{% hint style="info" %}
For the cloud, the "Valid redirect URI" is <https://prod-us1.openflower.org>
{% endhint %}

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-f23bafa1a580177b697dc367bb2422172bda4041%2FKeyCloak%20Client%20Setup%203.png?alt=media" alt=""><figcaption></figcaption></figure>

After the setup, you can look up the generated Client-Secret.

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-803e24759f2dc49898922b910b8a483f0a07db50%2FKeyCloak%20Credencials%20Screen.png?alt=media" alt=""><figcaption><p>Copy the Client Secret for the setup of KeyCloak as Auth Provider in OpenFlower</p></figcaption></figure>

Check the Settings to make sure the right capabilities are activated.

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-9ba91cacb68c81133d480522d6e2a686c3c43512%2FKeyCloak%20Capabilities%20Screen.png?alt=media" alt=""><figcaption></figcaption></figure>
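
The following Python script checks a client's JSON export against the settings described above. It is an added example, not OpenFlower or KeyCloak code: the function name `audit_client` and the sample export are constructed, and the field names are assumed to be those of KeyCloak's ClientRepresentation as produced by the admin console's client export.

```python
import json
from urllib.parse import urlsplit

# Constructed sample export; field names are Keycloak's ClientRepresentation,
# the values are made up to trip several checks.
SAMPLE_EXPORT = """{
  "clientId": "openflower-example",
  "standardFlowEnabled": true,
  "publicClient": true,
  "authorizationServicesEnabled": false,
  "redirectUris": ["*"],
  "defaultClientScopes": ["profile", "email"],
  "optionalClientScopes": ["address"]
}"""

EXPECTED_REDIRECT = "https://prod-us1.openflower.org"  # cloud value from this page


def audit_client(client, expected_redirect=EXPECTED_REDIRECT):
    """Return findings; an empty list means the export matches this page."""
    findings = []
    if not client.get("standardFlowEnabled", False):
        findings.append("Standard Flow is disabled")
    # "Client authentication" ON in the console is publicClient=false in the export.
    if client.get("publicClient", True):
        findings.append("Client authentication is off, so no Client-Secret exists")
    if not client.get("authorizationServicesEnabled", False):
        findings.append("Authorization is disabled")

    uris = client.get("redirectUris", [])
    want = urlsplit(expected_redirect)[:2]  # (scheme, host)
    if not any(urlsplit(u)[:2] == want for u in uris):
        findings.append(f"no redirect URI for {expected_redirect}")
    if any(u.strip() == "*" for u in uris):
        findings.append('redirect URI "*" accepts any return address')

    # offline_access must be assigned to the client before it can be requested.
    scopes = set(client.get("defaultClientScopes", []))
    scopes |= set(client.get("optionalClientScopes", []))
    if "offline_access" not in scopes:
        findings.append("offline_access scope is not assigned to the client")
    return findings


if __name__ == "__main__":
    for finding in audit_client(json.loads(SAMPLE_EXPORT)):
        print("FINDING:", finding)
```

For a self-hosted OpenFlower, pass your own base URL as `expected_redirect`.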

### KeyCloak as OpenFlower Auth Provider

In OpenFlower, go to Settings > OAuth Provider and select "KeyCloak" in the "Add OAuth Provider" dialog.

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-61c632b24aa135719882bde15a5c585f38b9e1b1%2FKeyCloak%20select%20Provider.png?alt=media" alt=""><figcaption></figcaption></figure>

Now you can enter all settings for KeyCloak.

{% hint style="info" %}
Instance ID is the Base URL of your KeyCloak installation.
{% endhint %}

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-5363e16f73203ae2271cbacbae0301cac315a223%2FKeyCloak%20Setup.png?alt=media" alt=""><figcaption></figcaption></figure>

You can also change settings later.

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-a061b7a286f73cf0a166dcd47816c3c0115f62b1%2FKeyCloak%20Settings.png?alt=media" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
The minimal scope to set up is "offline\_access openid".
{% endhint %}

That's it! Now you can offer your users Sign in and Sign up with KeyCloak.

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-3b1dd74ca9837a52a5d48364e63ad02690504b29%2FKeyCloak%20Sign%20in.png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1375341043-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fzo5R6EJIlCfRyDLbDnBv%2Fuploads%2Fgit-blob-13bb39eec89f9054b315a4b0423f295047e75f03%2FKeyCloak%20use%20Login.png?alt=media" alt=""><figcaption></figcaption></figure>
