Keycloak is a free and open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
Users authenticate with Keycloak rather than individual applications. This means that your applications do not have to deal with login forms, authenticating users, and storing users. Once logged-in to Keycloak, users do not have to login again to access a different application. This can also be extended to desktop Single Sign On through Active Directory integrated authentication.
Keycloak also provides single logout, which means users only have to logout once to be logged-out of all applications that use Keycloak.
Enabling login with social networks is easy to add through the Keycloak Administration Console. It is just a matter of selecting the social network you want to add. No code or changes to your application is required.
Keycloak can also authenticate users with generic OpenID Connect or SAML 2.0 Identity Providers. This is simply a matter of configuring the Identity Provider through the Keycloak Administration Console.
Out-of-the-box support for one-time passwords, smart cards and the WebAuthn specification yield sufficient possibilities for your organization's multi-factor authentication requirements. Furthermore, IS4U is the only integrator that supplies its customers with Keycloak-integrated strong identity assurance solutions from itsme®.
Through the self-service account console, users can manage their own accounts. It provides capabilities such as:
Keycloak provides a powerful fine-grained authorization engine which can be leveraged by applications to help build their permissions model. This authorization engine has the advantage that it can be managed through the Keycloak Administration Console, providing a centralized point for Policy Administration and Policy Retrieval, making it suitable for your Zero Trust strategy.
When load increases and/or availability is of importance for your organization, Keycloak has got you covered. It provides powerful clustering capabilities which allow it to scale with workload while simultaneously distributing memory across the cluster, which improves resilience in case a node were to fail, all the while users would not even notice it.
Do you still have requirements that are not supported out-of-the-box by the product? Keycloak's framework makes it suitable to develop various extensions or plugins to cater for your custom use-cases: