Automatic User Provisioning and Sync between Joomla and Keycloak

Keycloak User Sync is an easy-to-use plugin for Joomla to facilitate the synchronization of user data between Keycloak, an identity management platform, and Joomla. This plugin uses the Keycloak Rest API to fetch all the user's profiles from Keycloak to the Joomla database. Seamless support for advanced sync features like bi-directional user sync, automatic user creation & deletion, group mapping, and many more. It provides a simple and secure way to keep user information in sync, allowing administrators to provision users and manage user data with manual, on-demand, or scheduler-based provisioning.

Pre-requisites : Download And Installation

Steps to Setup Keycloak user sync for Joomla

1. Install the Keycloak User Sync for Joomla

• Download the zip file for the miniOrange User Provisioning/User Sync plugin from the link here .
• Login into your Joomla site’s administrator console.
• From Menu, click on System, then under Install section click on Extensions.
• Upload the downloaded zip file to install the User Provisioning/User Sync plugin.
• Installation of the plugin is successful. Now click on Get Started! button.

• Select 'Keycloak' from the list of providers.

2. Configure Keycloak

• Go to your Keycloak console and select your realm and click on Users. Ensure that your Realm does not have a space present in the name.

• Go to Users and click on the Create new user button to create a user.

• On creating a new user enter the required details and click on Create.

• After a user is created go to Credentials tab and click on the Set password button to set a password for the user.

• Enter the user password and click on Save.

• Once the user password is set, go to the Role Mapping tab and assign the user a role of ‘manage-users’ under the ‘realm-management’ client roles.

• Filter the roles by Filter by clients and search by user, select the realm-management, manage-users role and click on the Assign button.

3. Create a Client

• To create a client click on the Clients section on the left panel and click on the Create Client button.

• To create the client, enter the required details and click on the Next button.

• In the next step, select only the Direct access grant type and click on the Save button.

• All the configurations are completed on the Keycloak side. Let’s go to our Joomla Keycloak sync plugin and complete the plugin configuration.

4. Configure Keycloak User Sync Plugin

• Go to the Configure Keycloak tab and enter the Keycloak Domain, Client ID and your Realm name from the Keycloak application that you created above.
• To copy the Keycloak domain, go to your Keycloak console and copy the domain.

• Enter the copied Keycloak domain name in the Keycloak Domain field present on the Configure Keycloak tab.

• To copy the Client ID hover to your Keycloak settings and copy the client ID from there as shown below.

• Copy the Client ID and paste it in the Client ID field in the Configure Keycloak tab.

• To copy the Realm name go to your Keycloak panel and copy the realm name.

• Then paste it in the Realm field in the Configure Keycloak tab.

• Enter the Username and the password of the user you created with the permission of ‘manage-users’ and click on the Save Configuration button.

• Congratulations, you have successfully verfied the User's Email address during registartion.

5. Test Configuration

• To test if the connection is successful or not, click on the Test Connection button present in the Configure Keycloak tab.

6. Sync User to Joomla Database

• Navigate to the tab Keycloak -> Joomla. Under the User Attribute Mapping section map the Keycloak attribute name to the respective Joomla attribute Name and click on Save Configuration.

  Sync an Individual User or All Users

• Enter UserPrincipleName / ID of any user of your Keycloak application.
• Click on the Create User button to create your Keycloak user to your Joomla site Database.
• Or click on the Create All Users button to sync all users from the Keycloak users to your Joomla site Database. (Note: This is a Premium Feature.)

  Sync User Groups (Premium Feature)

• Under the Sync User Groups, you can map user groups from Keycloak to Joomla user groups. Also, select default group for the new/login users.

  Set User Sync Interval (Premium Feature)

• Under Set User Sync Interval section, set up a schedule for automatic user synchronization on a hourly, daily, or weekly basis.

7. Sync User from Joomla Database to Keycloak

  Create and Delete User

• Navigate to the tab Joomla -> Keycloak. Here, under the Create an Individual User section, any user created in Joomla will sync automatically and get created in Keycloak.
• Under the Delete User section, you can delete an individual user from Keycloak.

  Automatic Provisioning (Premium Feature)

• Under the Automatic Provisioning section, you can automate provisioning whenever a user is created, deleted and updated. You can also enable automatic sync of Joomla user password.

  Sync User Attributes and Set Interval (Premium Feature)

• Under the Sync User Attribute tab, you can map user attributes from Joomla to Keycloak.
• You can also set up a schedule for automatic user synchronization, under the Set User Sync Interval tab.

You have successfully configured Keycloak User Sync with Joomla. If you are looking for anything which you cannot find, please drop us an email on joomlasupport@xecurify.com.

Additional Resources

• What is SCIM User Provisioning?
• SCIM (User Provisioning) with Okta
• SCIM (User Provisioning) with OneLogin
• Frequently Asked Questions (FAQs)