diff --git a/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-membership-sync-settings.png b/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-membership-sync-settings.png new file mode 100644 index 000000000..94bbd1d7f Binary files /dev/null and b/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-membership-sync-settings.png differ diff --git a/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-sync-settings.png b/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-sync-settings.png new file mode 100644 index 000000000..b060751a2 Binary files /dev/null and b/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-sync-settings.png differ diff --git a/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-user-sync-settings.png b/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-user-sync-settings.png new file mode 100644 index 000000000..be8c73472 Binary files /dev/null and b/public/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-user-sync-settings.png differ diff --git a/src/pages/manage/team/idp-sync/keycloak-sync.mdx b/src/pages/manage/team/idp-sync/keycloak-sync.mdx index 04556d956..cc93838f6 100644 --- a/src/pages/manage/team/idp-sync/keycloak-sync.mdx +++ b/src/pages/manage/team/idp-sync/keycloak-sync.mdx 
@@ -142,16 +142,55 @@ To synchronize only groups that match specific criteria, configure the group fil ![Keycloak SCIM Filtering Configuration](/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-filtering-config.png) - -By default, Keycloak SCIM will not automatically push existing users and groups after the initial configuration. -To synchronize existing resources, navigate to `Synchronization` tab. Here you will find two tabs for Users and -Groups where you can manually trigger the initial sync. - +## Initial Sync + +After configuring the SCIM provider and resource filtering, you need to manually synchronize existing users and groups from Keycloak to NetBird. + +### Sync Users + +Navigate to the `Synchronization` tab in your SCIM provider configuration and select `User Synchronization`. + +Confirm the following settings: +* **Identifier**: Set to `Username` +* **Synchronization Strategy**: Set to `Get and (update or create) Strategy` + +![Keycloak SCIM User Sync Settings](/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-user-sync-settings.png) + +Click `Count local and remote resources` to validate that the **Local User Count** and **Remote User Count** values are as expected. + +Once validated, click `Synchronize all resources from startIndex` to sync all users. + +### Sync Groups + +Navigate to the `Synchronization` tab and select `Group Synchronization`. + +Confirm the following settings: +* **Operation Type**: Set to `Create Group` +* **Synchronization Strategy**: Set to `Get and (update or create) Strategy` + +![Keycloak SCIM Group Sync Settings](/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-sync-settings.png) + +Click `Count local and remote resources` to validate that the **Local Group Count** and **Remote Group Count** values are as expected. + +Once validated, click `Synchronize all resources from startIndex` to sync all groups. 
+ +### Sync Group Membership + +Navigate to the `Synchronization` tab and select `Group Synchronization`. + +Confirm the following settings: +* **Operation Type**: Set to `Update Group Members` +* **Synchronization Strategy**: Set to `Get and (update or create) Strategy` + +![Keycloak SCIM Group Membership Sync Settings](/docs-static/img/manage/team/idp-sync/keycloak-sync/keycloak-scim-group-membership-sync-settings.png) + +Click `Count local and remote resources` to validate that the **Local Group Count** and **Remote Group Count** values are as expected. + +Once validated, click `Synchronize all resources from startIndex` to sync all group memberships. ## Verify Synchronization -After configuring mappings in Keycloak, the synchronization will begin based on your schedule settings. You can verify that users and groups -have been successfully synchronized by navigating to `Team > Users` in your NetBird dashboard. +After completing the initial sync, you can verify that users and groups have been successfully synchronized by navigating to `Team > Users` in your NetBird dashboard. ![NetBird Verify Users](/docs-static/img/manage/team/idp-sync/keycloak-sync/netbird-verify-users.png)
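Review bot: The rewritten `Verify Synchronization` paragraph at the end of this hunk still sends the reader only to `Team > Users`, although the new `Initial Sync` section adds separate steps for groups and for group membership, so nothing tells the reader how to confirm that groups and their members actually arrived. Suggest adding where in the NetBird dashboard groups and membership can be checked. In `Sync Group Membership`, the validation step compares **Local Group Count** and **Remote Group Count**, which are group totals and cannot show whether members were synced; either say what that check is meant to confirm at this step or point to the verification section instead. The three subsections also read as an ordered procedure (users, then groups, then membership) without saying so; state whether that order is required. Finally, the removed sentence "By default, Keycloak SCIM will not automatically push existing users and groups after the initial configuration" was the only explanation of why the manual step exists, and the removed "based on your schedule settings" wording was the only mention of ongoing sync. Consider keeping a line on each so readers know why the initial sync is manual and what happens to changes made in Keycloak after it, and note that "as expected" for the counts depends on the resource filtering configured just above.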