diff --git a/content/nim/admin-guide/authentication/oidc/keycloak-setup.md b/content/nim/admin-guide/authentication/oidc/keycloak-setup.md index cfc661138..919a7012a 100644 --- a/content/nim/admin-guide/authentication/oidc/keycloak-setup.md +++ b/content/nim/admin-guide/authentication/oidc/keycloak-setup.md @@ -47,8 +47,19 @@ Follow these steps to configure Keycloak. After the client is created, configure it as follows: -1. On the **Settings** tab, in the **Access Type** list, select **confidential**. -2. On the **Mappers** tab, select **Add Builtin**, and select **groups**. This exports the user's Keycloak Realm Role information for NGINX Instance Manager to use. +#### For Keycloak versions earlier than 18.x + +1. On the **Settings** tab, set **Access Type** to **confidential**. +2. On the **Mappers** tab, select **Add Builtin** and choose **groups** to export Keycloak Realm Role information for NGINX Instance Manager. + +#### For Keycloak versions 18.x and later + +1. On the **Settings** tab, under **Capability config**, enable **Client authentication**. +2. In the **Authentication flow** section, enable **Direct Access Grants** and **Service Account**. +3. Go to the **Client Scopes** tab. + - Select the scope named **-dedicated (nim-dedicated)**. + - On the **Mappers** tab, click **Configure new Mapper** and choose **From predefined mappers**. + - Search for **groups** and select **Add groups mapper**. ### Create Keycloak Roles @@ -119,6 +130,8 @@ To configure NGINX Instance Manager with the necessary OIDC settings, follow the - Export the environment variables: + - **For Keycloak versions earlier than 18.x**: + ```bash # Either the FQDN or the IP address is suitable for these environment variables. export KEYCLOAK_IP="" 
@@ -134,6 +147,31 @@ To configure NGINX Instance Manager with the necessary OIDC settings, follow the export KEYCLOAK_KEYS_ENDPOINT=$(curl -k "https://$KEYCLOAK_IP:8443/auth/realms//.well-known/openid-configuration" | jq -r ".jwks_uri") ``` + - **For Keycloak versions 18.x and later**: + + ```bash + # Either the FQDN or the IP address is suitable for these environment variables. + export KEYCLOAK_IP="" + export NIM_IP="" + export KEYCLOAK_CLIENT_ID="" + export KEYCLOAK_CLIENT_SECRET="" + + # Choose an appropriate Hash-Based Message Authentication Code (HMAC) + export HMAC_KEY="" + + export KEYCLOAK_AUTH_ENDPOINT=$(curl -k \ + "https://$KEYCLOAK_IP:8443/realms//.well-known/openid-configuration" | \ + jq -r ".authorization_endpoint") + + export KEYCLOAK_TOKEN_ENDPOINT=$(curl -k \ + "https://$KEYCLOAK_IP:8443/realms//.well-known/openid-configuration" | \ + jq -r ".token_endpoint") + + export KEYCLOAK_KEYS_ENDPOINT=$(curl -k \ + "https://$KEYCLOAK_IP:8443/realms//.well-known/openid-configuration" | \ + jq -r ".jwks_uri") + ``` + - Back up the original configuration files: ```bash
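Review bot: in the first hunk (`@@ -47,8 +47,19`), the Keycloak 18.x+ step 3 names the client scope as `**-dedicated (nim-dedicated)**`, which has lost its placeholder; write it as `**<client-id>-dedicated**` (so `nim-dedicated` for a client named `nim`) so readers know the prefix is their own client ID. Step 2 also enables **Direct Access Grants** and **Service Account** without saying why either is required; Direct Access Grants is Keycloak's switch for the resource owner password grant, which widens what the client can do, so either state which NGINX Instance Manager flow depends on each setting or leave the unneeded one disabled.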
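Review bot: in the second hunk (`@@ -119,6 +130,8`), the new `**For Keycloak versions earlier than 18.x**` sub-bullet nests an existing fenced block one level deeper, but the placeholders inside that block render as empty: `export KEYCLOAK_IP=""` and `realms//.well-known/openid-configuration`. Use visible placeholders such as `<keycloak-fqdn-or-ip>` and `<realm-name>` inside the fence (angle brackets are literal there) so the reader sees where a value is expected, and check that the extra indentation does not break the fence in the rendered page.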
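Review bot: in the third hunk (`@@ -134,6 +147,31`), the comment `# Choose an appropriate Hash-Based Message Authentication Code (HMAC)` describes the value as an HMAC, but `HMAC_KEY` holds the key; reword it along the lines of `# Set a strong random secret to use as the HMAC key (e.g. 32+ bytes from a CSPRNG)` so readers do not paste a short or guessable string. The three `curl -k` calls also disable TLS certificate verification and refetch the same discovery document three times; fetch it once with `--cacert <keycloak-ca.pem>` into a variable and pull `.authorization_endpoint`, `.token_endpoint` and `.jwks_uri` from it with `jq`, and if `-k` is kept for lab setups, say so explicitly, because with verification off the discovery document (and therefore the JWKS URI the manager will trust for token validation) is accepted from an unverified TLS peer. The realm placeholder here has the same `realms//` gap as in the previous hunk.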