Keycloak as SSO for Airtable
Airtable supports SAML single sign-on in its “Enterprise” plan.
The documentation explains how to proceed with Okta, Google, OneLogin, Azure AD or ADFS. Let’s look at how to integrate your Keycloak.
https://support.airtable.com/docs/configuring-sso-in-the-admin-panel
Create a SAML client:
Important: the client ID must be “https://airtable.com/sso/metadata0418.xml” because of the “Audience” restriction Airtable needs.
I filled in the “IDP-Initiated SSO URL name” field just to have a simpler URL.
Get the “Target IDP initiated SSO URL”; we will use it later.
Airtable needs the email in the NameID field:
In the new Admin UI in Keycloak, open the “Client scopes” section, then click on the first scope for custom mappers.
Then, define the mapper.
To get the certificate, you have 2 choices:
- From the “Realm settings”, open “SAML 2.0 Identity Provider Metadata”, then get the cert
- Or from “Keys”, get the RSA key used for signature:
Go to “Add SSO identity provider”, then:
- In the “sign-in URL” field, paste the “Target IDP initiated SSO URL” you got previously.
- In the X.509 certificate field, add your certificate between:
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
You’re done! Now your Keycloak is your SSO for Airtable!