- Keycloak server deployed and accessible
- Admin access to Keycloak realm
- Navigate to Keycloak Admin Console: https://[KEYCLOAK-URL]/admin
- Log in with admin credentials
- Select your realm from the dropdown (top-left)
- Click Clients in the left sidebar
- If you have an existing client: Click on it to open settings, then skip to Step 5
- If creating new: Click Create client button
- In General Settings:
  - Client type: OpenID Connect
  - Client ID: Enter frontegg-agentlink
- Click Next
- In Capability config step:
  - Client authentication: Toggle ON
  - Authorization: Toggle OFF (unless needed)
  - Authentication flow: Enable:
    - Standard flow
    - Direct access grants
- Click Next
- For new clients: In Login settings step, configure:
- For existing clients: Navigate to Settings tab, locate Access settings section:
- Valid redirect URIs: Add (or append to existing): https://[YOUR-FRONTEGG-DOMAIN]/oauth/callback
- Valid post logout redirect URIs: (optional) https://[YOUR-FRONTEGG-DOMAIN]/*
- Web origins: Add: https://[YOUR-FRONTEGG-DOMAIN]
- Click Save
- In client details page, navigate to Credentials tab
- Copy Client secret value
- Navigate to Settings tab to confirm your Client ID (e.g., frontegg-agentlink)
- Construct your issuer URL: https://[KEYCLOAK-URL]/realms/[REALM-NAME]
- Navigate to Client scopes tab in client details
- Ensure these scopes are assigned:
  - openid
  - profile
  - email
- Click Add client scope if any scopes are missing
provider: keycloak
issuer_url: https://[KEYCLOAK-URL]/realms/[REALM-NAME]
client_id: frontegg-agentlink
client_secret: [from Credentials tab]
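
One way to check the issuer URL and scopes above before saving them, as an added example that is not Keycloak or Frontegg code: it compares the configured issuer_url with the realm's OIDC discovery document. The function names, host, realm name and sample document are constructed placeholders.

```python
import json
from urllib.request import urlopen

REQUIRED_SCOPES = {"openid", "profile", "email"}  # scopes named in the steps above

def discovery_url(issuer_url):
    # OIDC Discovery serves metadata at a fixed path under the issuer.
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"

def fetch_discovery(issuer_url, timeout=10):
    with urlopen(discovery_url(issuer_url), timeout=timeout) as resp:
        return json.load(resp)

def check_discovery(issuer_url, doc):
    """Return a list of problems; an empty list means the values line up."""
    problems = []
    if not issuer_url.startswith("https://"):
        problems.append("issuer_url is not https")
    # Clients compare the issuer as an exact string, so a trailing slash or a
    # wrong-case realm name breaks 'iss' validation of ID tokens later.
    if doc.get("issuer") != issuer_url:
        problems.append("issuer mismatch: server reports %r" % doc.get("issuer"))
    # scopes_supported describes the realm; client assignment is still checked
    # in the Client scopes tab.
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    # Keycloak's "Standard flow" is the authorization code grant.
    if "authorization_code" not in doc.get("grant_types_supported", []):
        problems.append("authorization_code grant not advertised")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(key + " is missing or not https")
    return problems

# Constructed sample: placeholder host and realm, not output from a real server.
SAMPLE_ISSUER = "https://keycloak.example.test/realms/demo"
SAMPLE_DOC = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": SAMPLE_ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": SAMPLE_ISSUER + "/protocol/openid-connect/certs",
    "scopes_supported": ["openid", "profile", "email", "roles"],
    "grant_types_supported": ["authorization_code", "refresh_token", "password"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_ISSUER, SAMPLE_DOC))
    print(check_discovery(SAMPLE_ISSUER + "/", SAMPLE_DOC))
```

Against a live realm, pass the result of fetch_discovery(issuer_url) as the second argument instead of the sample document.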