Set Up Atatus for SSO

  1. Log in to your Atatus account.
  2. Navigate to Settings → Account Settings → Single Sign-On.
  3. Copy the Account ID, which will be used as the Client ID in Keycloak.
  4. Choose one of the following methods to upload metadata:
  • Option A: Paste the SAML metadata URL from Keycloak. The format should be: https://<your-host>/realms/<realm-name>/protocol/saml/descriptor
  • Option B: Upload the SAML metadata XML file manually.

Atatus SSO

5. Click on the Save SSO button

Note: In order to retrieve the SAML metadata URL, you must first complete the Keycloak configuration steps below.

Configure Keycloak

1. Create a Realm

  • Log in to the Keycloak Admin Console.
  • In the top-left menu, click on Keycloak next to the Master realm.

Keycloak Admin Console

  • Select Create Realm, and provide a name (e.g., Atatus-realm).

Create Realm

  • Once the realm is created, go to Realm Settings.
  • Download the SAML Identity Provider Metadata for later use in Atatus.

Realm Settings

2. Create a Client

  • Navigate to Clients > Create Client.

Create Client

  • Fill in the following details:

    • Client Type: Select SAML.
    • Client ID: Enter the Account ID value obtained from the Atatus Single Sign-On settings page. This acts as the SAML issuer.
    • Home URL (required if accessing Atatus through Keycloak): Enter the Atatus SAML endpoint URL.
    • Valid Redirect URIs (required): Provide either https://www.atatus.com/* or use a wildcard * if flexibility is needed during testing.

Client Config 1 Client Config 2 Client Config 3

  • Use the default settings unless specific changes are needed.Click save.

    Client Save

  • Click Save to create the client.

  • After creation, ensure the client appears in the list.

    Client In List

Now your Single Sign-on feature is enabled and ready for use.