diff --git a/platform/sso/sso_keycloak.mdx b/platform/sso/sso_keycloak.mdx
index 4cfc04491..25691881e 100644
--- a/platform/sso/sso_keycloak.mdx
+++ b/platform/sso/sso_keycloak.mdx
@@ -14,19 +14,77 @@ Single Sign-On is available for enterprise plans. [Upgrade your plan](https://to
If you use the self-hosted version, you must [set up the license](/platform/self_hosting/licensing) and then follow the [sso server setup guide](/platform/sso/sso_server_setup) to use this feature.
:::
-This guide will help you set up Single Sign-On (SSO) for your organization using Keycloak. See the [SSO Getting Started](/platform/sso/sso_getting_started) guide for more generalized steps on setting up SSO.
+This guide will help you set up Single Sign-On (SSO) for your organization using Keycloak.
+See the [SSO Getting Started](/platform/sso/sso_getting_started) guide for more generalized steps on setting up SSO.
-## Set Up Keycloak
+## Setting up Keycloak
-Coming soon...
-[//]: # (TODO)
+To enable SSO with Keycloak, you first need to create a client in your Keycloak instance.
+Log in to Keycloak, choose the correct **Realm**, then navigate to **Clients** and click **Create client**.
-## Set Up Tolgee
+
-When you have all the necessary information from Keycloak, you need to enable the SSO feature in your organization settings and provide the necessary information to Tolgee.
-You can find how to enable SSO in the [SSO Getting Started](/platform/sso/sso_getting_started) guide.
+Enter a **Client ID** (e.g., `tolgee`), select **OpenID Connect** as the **Client Type**, and click **Next**.
-## Log In with SSO
+
-Once you have set up SSO, you can log in to Tolgee using the **Log in with SSO** button on the login page and enter the domain name.
+Now configure the capabilities. You can see how the configuration should look in the image below.
+
+* **Client authentication**: Enabled
+ * We will be using Keycloak for authentication; authorization by third-party providers is not supported.
+* **Authentication flow**: Standard flow
+ * Enables the standard OAuth 2.0 authorization code flow.
+
+
+
+Set login settings as follows. You can also see the configuration in the image below.
+
+* **Root URL**: `https://app.tolgee.io` (for Tolgee Cloud) or your Tolgee instance URL
+* **Home URL**: Same as **Root URL**
+* **Valid redirect URIs**: `/login/auth_callback/sso`
+ * This is the callback URL where Keycloak will redirect users after successful authentication.
+
+You can also set `Valid post logout redirect URIs` and `Web origins` if you want to, though
+Keycloak logout flow is not supported.
+
+:::info Logout and disabled accounts handling
+Tolgee handles logout and general account availability automatically by checking token validity
+every few minutes if a client tries to access Tolgee.
+:::
+
+
+
+Once saved, navigate to the **Credentials** tab to get your **Client Secret**. You can see it in the image below.
+
+
+
+### Finding the endpoints
+
+You can find all the required endpoints in Keycloak’s **OpenID Provider Configuration** (Well-Known URL).
+
+```
+https:///realms//.well-known/openid-configuration
+```
+
+Look for `authorization_endpoint` (the URL where users are redirected to authenticate) and
+`token_endpoint` (the URL where Tolgee exchanges the authorization code for access tokens).
+
+
+## Setting up Tolgee
+
+You will need the following values for Tolgee:
+
+* **Client ID**: The same as the client ID you entered in the first step above
+* **Client Secret**: Found in the **Credentials** tab
+* **Authorization endpoint**: Found in the response of the [well-known request](#finding-the-endpoints)
+* **Token endpoint**: Found in the response of the [well-known request](#finding-the-endpoints)
+
+When you have all the necessary information from Keycloak, you need to enable the SSO feature
+in your organization settings and provide the necessary information to Tolgee.
+You can find detailed instructions on how to enable SSO in Tolgee in the [SSO Getting Started](/platform/sso/sso_getting_started) guide.
+
+## Logging in with SSO
+
+Once you have set up SSO, you can log in to Tolgee using the **Log in with SSO** button
+on the login page and enter the domain name.
After that, you will be redirected to the Keycloak login page to authenticate.
diff --git a/platform/sso/sso_okta.mdx b/platform/sso/sso_okta.mdx
index 248463b2a..79a819ece 100644
--- a/platform/sso/sso_okta.mdx
+++ b/platform/sso/sso_okta.mdx
@@ -16,13 +16,13 @@ If you use the self-hosted version, you must [set up the license](/platform/self
This guide will help you set up Single Sign-On (SSO) for your organization using OpenID Connect with Okta. See the [SSO Getting Started](/platform/sso/sso_getting_started) guide for more generalized steps on setting up SSO.
-## Set Up Okta
+## Setting up Okta
First, you must set up an **OpenID Connect application** in Okta. To do this, log in to your Okta account
-and navigate to the **Admin** panel. Then find the **Applications** section and click on **Create App Integration**:
+and navigate to the **Admin** panel. Then find the **Applications** section and click on **Create App Integration**.
-Now select **OIDC - OpenID Connect** as the Sign-in method and **Web Application** click **Next**:
+Now select **OIDC - OpenID Connect** as the Sign-in method and **Web Application** click **Next**.
@@ -30,7 +30,7 @@ Fill in the **Application settings**:
- Grant type: **Authorization Code**
- Login redirect URIs: **https://app.tolgee.io/login/auth_callback/sso** (if you use Tolgee cloud) or your Tolgee instance URL ending with `/login/auth_callback/sso`
-Click **Save**. Here is how the settings can look like:
+Click **Save**. Bellow you can see how the settings can look.
@@ -52,12 +52,12 @@ all user tokens will stop working until the user logs in again. This will break
To find the **Well-Known configuration URL**, click on the chosen **Authorization Server** and navigate to **Metadata URI**.
-## Set Up Tolgee
+## Setting up Tolgee
When you have all the necessary information from Okta, you need to enable the SSO feature in your organization settings and provide the necessary information to Tolgee.
-You can find how to enable SSO in the [SSO Getting Started](/platform/sso/sso_getting_started) guide.
+You can find how to enable SSO in Tolgee in the [SSO Getting Started](/platform/sso/sso_getting_started) guide.
-## Log In with SSO
+## Logging in with SSO
Once you have set up SSO, you can log in to Tolgee using the **Log in with SSO** button on the login page and enter the domain name.
After that, you will be redirected to the Okta login page to authenticate.
\ No newline at end of file
diff --git a/static/img/docs/platform/sso/sso_keycloak_client_credentials.png b/static/img/docs/platform/sso/sso_keycloak_client_credentials.png
new file mode 100644
index 000000000..03968e3ed
Binary files /dev/null and b/static/img/docs/platform/sso/sso_keycloak_client_credentials.png differ
diff --git a/static/img/docs/platform/sso/sso_keycloak_create_client.png b/static/img/docs/platform/sso/sso_keycloak_create_client.png
new file mode 100644
index 000000000..7c0e876aa
Binary files /dev/null and b/static/img/docs/platform/sso/sso_keycloak_create_client.png differ
diff --git a/static/img/docs/platform/sso/sso_keycloak_create_client_step1.png b/static/img/docs/platform/sso/sso_keycloak_create_client_step1.png
new file mode 100644
index 000000000..22d588e57
Binary files /dev/null and b/static/img/docs/platform/sso/sso_keycloak_create_client_step1.png differ
diff --git a/static/img/docs/platform/sso/sso_keycloak_create_client_step2.png b/static/img/docs/platform/sso/sso_keycloak_create_client_step2.png
new file mode 100644
index 000000000..cee25aeed
Binary files /dev/null and b/static/img/docs/platform/sso/sso_keycloak_create_client_step2.png differ
diff --git a/static/img/docs/platform/sso/sso_keycloak_create_client_step3.png b/static/img/docs/platform/sso/sso_keycloak_create_client_step3.png
new file mode 100644
index 000000000..f9b7a24b6
Binary files /dev/null and b/static/img/docs/platform/sso/sso_keycloak_create_client_step3.png differ