This document discusses single sign-on (SSO) capabilities for Foreman using Keycloak. It provides an introduction to Foreman and its authentication methods. OpenID Connect and JSON Web Tokens (JWTs) are explained as the standards that enable SSO. The document demonstrates how to configure Foreman as a client in Keycloak to enable SSO, including registering Foreman and adding user mappers. It concludes with a demo and information on resources for using Foreman and Keycloak together.