Easiest solution I have done for users with keycloak as their enterprise IAM is to set up discourse saml
configuring keycloak saml is fairly straightforward
Alernatively, you can connect via openID connect as well
To let users automatically login with SAML, you’ll have to disable all other authentication methods including local login. make sure that your admin account already has a corresponding account on keycloak or you’ll be locked out of admin.