Setting Up the HYPR Keycloak Authenticator

Enabling the HYPR Authenticator

The HYPR Authenticator for Keycloak must be enabled in every Keycloak Realm where it is intended to be used. In this document we will use the Example Realm in the screenshot examples.

  1. Start by accessing the Keycloak deployment's administration console. From the administration console, select Authentication from the navigation tree.

  2. From the Authentication settings, select the New option on the right. This will initiate the process of creating a new authentication flow within Keycloak.

     • Alias ID identifies the new configuration and will be displayed as the option for the HYPR Authenticator in Keycloak Clients; our example uses HYPRAuthenticator

     • Leave the Top Level Flow Type set to generic

     • Select Save to continue

  3. Now that this authentication flow has been created, select Add execution on the right.

  4. From the Provider drop-down selection, choose HYPR Authenticator.

  5. Select Save to continue.

  6. Now that the HYPR Authenticator execution has been added, select the radio button for REQUIRED.

  7. From the Actions drop-down on the right, select Config to continue.

This opens the configuration settings that point the HYPR Authenticator to your HYPR deployment. Fill in these fields as described in the following table, then select Save to complete the HYPR Authenticator configuration.

| Setting | Description | Example |
|---|---|---|
| Alias | Name of the configuration. | This value is an alias for reference within Keycloak. This can be set to any string value. |
| Cookie Username | Max age in seconds of the username. | 3000 |
| HYPR Relying Party App ID | The application ID of the application created within your HYPR Control Center. | webApp |
| HYPR Relying Party URL | The base URL of your HYPR Server deployment. | https://example.gethypr.com |
| HYPR License URL | This is the URL of the HYPR licensing service. If you are using the HYPR Application on the Application Store it must be set to https://licensing.hypr.com | https://licensing.hypr.com |
| HYPR License Enabled | If you are using the HYPR Application on the Application Store this must be toggled ON. This can be toggled OFF if there was a custom SDK deployment. | |
| Authenticator Logo URL | This is a URL to a .png of your company's logo. This will further brand the experience for end users when performing authentication. | |

Applying the HYPR Authenticator Flow to a Client

With the HYPR Authenticator configured, we are ready to apply this to our federated clients within Keycloak.

  1. Start by selecting Clients in the left navigation tree. This will display each client configured for this Keycloak realm.

  2. Select the client to use HYPR for authentication.

  3. Scroll to the bottom of the Clients settings and open the drop-down for Authentication Flow Overrides.

  4. From the Browser Flow drop-down setting, select the alias for the HYPR Authenticator Flow previously created.

  5. Select Save to apply these settings.

This client will now use the HYPR Authenticator for authentication.
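To confirm the result of both procedures without clicking through every client, the following added example (not part of the HYPR or Keycloak documentation) audits JSON shaped like the Keycloak Admin REST API responses for a realm's flows, the flow's executions, and its clients. The sample data is constructed; the flow alias HYPRAuthenticator is the one used on this page, and the assumption is that a client's browser override stores the flow's id.

```python
# Added example: audit Keycloak Admin REST API output for the HYPR flow setup.
import json

FLOW_ALIAS = "HYPRAuthenticator"  # alias used in this page's example

# Constructed sample data, shaped like the responses of
#   GET /admin/realms/{realm}/authentication/flows
#   GET /admin/realms/{realm}/authentication/flows/{alias}/executions
#   GET /admin/realms/{realm}/clients
SAMPLE_FLOWS = json.loads("""[
  {"id": "f-browser", "alias": "browser", "topLevel": true},
  {"id": "f-hypr", "alias": "HYPRAuthenticator", "topLevel": true}
]""")
SAMPLE_EXECUTIONS = json.loads("""[
  {"displayName": "HYPR Authenticator", "requirement": "REQUIRED"}
]""")
SAMPLE_CLIENTS = json.loads("""[
  {"clientId": "payroll", "enabled": true,
   "authenticationFlowBindingOverrides": {"browser": "f-hypr"}},
  {"clientId": "wiki", "enabled": true,
   "authenticationFlowBindingOverrides": {}},
  {"clientId": "legacy", "enabled": false}
]""")


def audit(flows, executions, clients, flow_alias=FLOW_ALIAS):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    flow_id = next((f["id"] for f in flows if f.get("alias") == flow_alias), None)
    if flow_id is None:
        return [f"flow '{flow_alias}' does not exist in this realm"]
    if not executions:
        findings.append(f"flow '{flow_alias}' has no executions")
    for ex in executions:
        if ex.get("requirement") != "REQUIRED":
            findings.append(f"execution '{ex.get('displayName')}' is "
                            f"{ex.get('requirement')}, not REQUIRED")
    for c in clients:
        if not c.get("enabled", True):
            continue  # disabled clients cannot start a login
        bound = (c.get("authenticationFlowBindingOverrides") or {}).get("browser")
        if bound != flow_id:  # the override holds the flow id, not its alias
            findings.append(f"client '{c['clientId']}' browser flow is not "
                            f"overridden to '{flow_alias}'")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FLOWS, SAMPLE_EXECUTIONS, SAMPLE_CLIENTS)))
```

Clients listed in the findings still log in through the realm's default browser flow, so review each one against the set of clients that are meant to use HYPR.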