@Neiluj said in Apps Compatible with Keycloak SSO: Hi - You can find the list of Cloudron packaged app that are SSO enabled here: https://www.cloudron.io/appstatus.html While this list speaks to a SSO managed by / for Cloudron, I am under the understanding that, for each of these apps, if you leave user management to the app when installting the app on Cloudron, you should be able to configured SSO to work with your Keycloak instance. Hopefully this is a correct assumption. I hope that this helps. Yeah, I'm not certain either, but think you're right that any app that already supports Cloudron SSO could be configured to work with Keycloak SSO too. I think perhaps @Sam_uk is using Keycloak (or similar) for the SSO for his Cloudrons and so could probably chime in with actual knowledge gained from experience.

@girish thank you so much! I completely missed the option to configure trusted ips, my bad. Adding the required ip's to the list solved the issue for me

For the record, the advice was fruitful and I have a working configuration.

To circle back on this... I deployed Keycloak from the app store. I created a new (local) admin user and deleted the temp one (as per the instructions out of the box). I then used the "Login with Cloudron" button and was able to login to Keycloak (as the non admin user from Cloudron directory) and my Cloudron user shows up in Keycloak . I would be very interested in developing/documenting a tight integration/best practices between Cloudron/Keycloak as a way to greatly extend/enhance Cloudron user management. Setting up various tenants, self service enabling signups in those tenants etc. For example, building user on-boarding / approval workflows (where you bring on a new team member and they need to be provisioned into groups). Right now, only Cloudron Superadmins have the ability to manage groups, and that isn't a privilege I want to hand out I originally planned to have Claude build me a web app and utilize the Cloudron API to build that functionality (and was going to AGPLv3 it). However, perhaps, with Keycloak we don't have to fully re-invent the wheel? IAM is a VERY important requirement/feature to compete with AWS/Azure. It's the next thing my board wants to see as we move through go-live with Cloudron across our various projects/entities. Who would be the key people I would need to work with to get this built out/tested/integrated/streamlined? I realize that Cloudron (as I understand it) isn't currently positioned/targeting "enterprise" or those who may use AWS/Azure. I am happy todo the light/medium/(some) heavy lift work to help get it to where I need it to be. I am a founder/CTO of a company that is in the ramp up/growth phase. I steadfastly refuse to use the "big cloud" and Cloudron has been amazing at eliminating about 90% of system admin duties in a reliable way.

@gpichler @msbt I have merged it now and published it

@joseph btw, i ended up uninstalling and reinstalling the Keycloak app and this the process went about as depicted in your video.