Keycloak is a free and open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
SINGLE SIGN ON
Users authenticate with Keycloak rather than individual applications. This means that your applications do not have to deal with login forms, authenticating users, and storing users. Once logged-in to Keycloak, users do not have to login again to access a different application. This can also be extended to desktop Single Sign On through Active Directory integrated authentication.
Keycloak also provides single logout, which means users only have to logout once to be logged-out of all applications that use Keycloak.
Enabling login with social networks is easy to add through the Keycloak Administration Console. It is just a matter of selecting the social network you want to add. No code or changes to your application is required.
Keycloak can also authenticate users with generic OpenID Connect or SAML 2.0 Identity Providers. This is simply a matter of configuring the Identity Provider through the Keycloak Administration Console.
MULTI-FACTOR AUTHENTICATION SUPPORT
SELF-SERVICE ACCOUNT CONSOLE
Through the self-service account console, users can manage their own accounts. It provides capabilities such as:
- Update profile information
- Manage their password
- Setup multi factor authentication
- Manage their active and offline sessions
- View their account history
- Link social media providers
- … and much more
Keycloak provides a powerful fine-grained authorization engine which can be leveraged by applications to help build their permissions model. This authorization engine has the advantage that it can be managed through the Keycloak Administration Console, providing a centralized point for Policy Administration and Policy Retrieval, making it suitable for your Zero Trust strategy.
When load increases and/or availability is of importance for your organization, Keycloak has got you covered. It provides powerful clustering capabilities which allow it to scale with workload while simultaneously distributing memory across the cluster, which improves resilience in case a node were to fail, all the while users would not even notice it.
Do you still have requirements that are not supported out-of-the-box by the product? Keycloak’s framework makes it suitable to develop various extensions or plugins to cater for your custom use-cases:
- Authentication modules
- Authorization modules
- User Storage modules
- Event modules
- Password Storage modules
- Look and Feel modules