For a site to setup SSO they need to setup an identity provider (IdP)

This can be done via several platforms with one of the most common used by businesses being via Microsoft Active Directory on Azure.

Popular identity providers
Microsoft.
Google.
Facebook.
Apple.
Amazon Web Services (AWS)
Okta
OneLogin
Auth0
SecureAuth

IdP Requirements
These are there requirements for the clients IdP in order to integrate with Keycloak. The clients Systems administrator would need to deploy an IdP with these in mind.

1. Communicate over the Internet using HTTP 1.1 and TLS 1.2 minimum
2. Support the following SSO authentication protocols, in order of preference
    i. OpenID Connect (OIDC) v1.0
    ii. OAuth2
    iii. Security Assertion Markup Language (SAML) v2.0

3. Support the following credential exchange methods for OIDC and OAuth2 protocols
    i. Signed JSON Web Token (JWT) using one of the asymmetrical signing algorithms listed
        ES256
        ES384
        ES512
        RS256
        RS384
        RS512
        PS256
        PS384
        PS512
    ii. Symmetrical pre-shared key (Client Secret)
4. Support validation of signatures using certificates either manually uploaded or using JWKS
5. Supply the following user information
    i. Email Address
    ii. First Name
    iii. Last Name


The client needs to provide the following to [ui] to integrate KeyCloak with their IdP
1. The Client ID for this application, assigned by the IDP.
2. An IDP metadata configuration document for the protocol chosen.
3a. The Client Secret, if using the symmetrical pre-shared key (client secret) client authentication method for OIDC and OAuth2.
3b. The Client Signing Algorithm, if using the signed JWT client authentication method for OIDC and OAuth2.