Whitelisting domains in KYP SSO

🔑 How to Whitelist a Domain for KYP SSO in Keycloak

KYP provides the option to create a Single Sign-On (SSO) domain, allowing people from different teams or companies to use the same account across various KYP-related platforms.

To enable this functionality, each customer domain must be whitelisted in the Keycloak configuration settings. These are available on the Keycloak portal at:

<yourdomain>/keycloak

Example:
https://sup.kyp.ai/keycloak

🗂️ Step-by-Step Guide to Whitelist a Domain in KYP SSO

1️⃣ Switch to the KYP Realm

SSO must always be configured within the KYP realm.

• 🔄 In the top-left corner of the Keycloak portal, switch the realm to KYP.

2️⃣ Open Realm Settings

• ⚙️ From the left-hand side menu, select Realm settings.

3️⃣ Navigate to the User Profile Tab

• 👤 Open the userProfile tab.

  

• 📧 Click on Email.

  

4️⃣ Add a Validation Rule

• ➕ In the Validations section, click addValidator.

  

• 🔍 Select Pattern.

5️⃣ Define the Allowed Domains

Use the following regex pattern to whitelist domains:

^[^@]+@(kyp\.ai|gmail\.com|google\.com|)$

⚠️ Note: When saved, Keycloak automatically adds double slashes. Ensure only a single slash is present in your original format.

6️⃣ Add a Custom Error Message (Optional)

• 📝 You can display a custom error message if a user tries to log in with a non-whitelisted domain.

Example:

This domain is not allowed - reach out to support@kyp.ai.

7️⃣ Save the Changes

• 💾 Click Save in the bottom left corner to apply the updated settings.

  

• ✅ The new domain restrictions are now active.

🎉 You have successfully whitelisted a domain for KYP SSO.