Skip to main content
Gradient Background

Identity and Access Management (IAM) Solution to Future Proof Your App

Accelerate SaaS time-to-market and enterprise adoption by rapidly integrating the features needed to support almost anyauthentication and authorization use-cases with Phase Two's Keycloak as a Service offering.

Open Source Logo

We are open source

Pictogram showing fixed US dollar sign

Fixed pricing for peace of mind

Pictogran showing cloud and on-prem servers

Cloud or on-prem deployment


Integration Lines
Okta Logo
Auth0 Logo
Azure Logo
Google Workspace Logo
Active Directory Logo
JumpCloud Logo
Onelogin Logo
Ping Identity Logo
Duo Security Logo

+ many more

Managed Keycloak Hosting

Phase Two provides a modern, open source alternative to fully replace or integrate with any IAMs available.

Color Gradient

Open Source Enterprise Single Sign-on

Leap up market into enterprise adoption with seamless, no-code SSO support.

SSO Login Examples
  • Pictogram showing 5 minutes on a hour
    5-minute integration

    One integration adds all enterprise identity providers. With or without adopting our identity feature, you can support all popular identity providers.

  • Pictogram showing puzzle pieces
    Integrate Once

    SAML, OIDC, OAuth2? Support all the standards without years of development and debugging.

  • Pictogram showing US dollar sign
    No variable cost

    We're not a parasite on your business model. Unlimited SSO connections for a single price.

Admin Portal

Seamless onboarding and self-management for your customer administrators and users. Empower your users and customers to self-service Keycloak and easily manage every aspect of identity, organization and SSO. Drastically reduce customer support.

Screenshots showing management of users, domains and SSO

By Developers, For Developers

Create delightful, seamless experiences for your customers. In just a few minutes!

  • Pictogram showing a code
    Simple Integration

    Our goal is to make it as easy as possible for developers to integrate with our system so they can add SSO and other features quickly and then move on to what's important—their app!

  • Pictogram showing documents
    Full Documentation

    We are building great documentation, tutorials and modern SDKs, so implementation is easy regardless of skill level or technology stack.

  • Pictogram showing a key inside the shield
    Secure and Standardized

    Standards compliance and security are our strengths so you can focus on your your customers.

Protect a page
var auth = new Keycloak({
url: 'https://{host}/auth',
realm: '{realm}',
clientId: '{clientId}'
onLoad: 'login-required'
}).then(function(authenticated) {
alert(authenticated ? 'authenticated' :
'not authenticated');
}).catch(function() {
alert('failed to initialize');
Concentric Circles

Phase Two Heart symbols Keycloak

Phase Two is based on the Keycloak Open Source Identity and Access Management system, built and maintained by Red Hat.

Diagram showing how Keycloak works with Phase Two
Pictogram showing Open Source logo
Always Open Source

Phase Two is built as a collection of open source Keycloak extensions. While we endeavor to make Keycloak simple to use, operate and scale, in the cloud or on prem.

Pictogram showing a fortress
Battle-tested and hardened

Keycloak has been battle-tested and hardened for over 7 years. Its security and reliability is depended on by organizations from small startups to governments and Fortune 500 companies.

Pictogram showing a group of poeple interconnected
Community Superpower

We believe that community participation in building our software is a superpower, and can't wait to see what you will help us build.

Color Gradient

Premium Keycloak Hosting

Phase Two is one price per project. No hidden fees, no unpredictable costs.

We offer a premium hosted Keycloak product to make getting started fast and secure. Set up a free instance with our starter package to get a sense of the simplicity that comes with Phase Two Keycloak hosting.

Starter plan


Always FREE 1

  • CheckmarkShared cluster
  • Checkmark<1,000 users
  • Checkmark<10 SSO connections
  • CheckmarkCommunity support
  • No SLA
Most Popular
Premium plan


from $499/mo 2

  • CheckmarkDedicated cluster
  • CheckmarkUnlimited users
  • CheckmarkUnlimited SSO connections
  • CheckmarkCustom domain
  • CheckmarkEmail support
  • Checkmark99.9% uptime guarantee
Enterprise plan


from $1999/mo 2

  • CheckmarkAll Premium features
  • CheckmarkGlobal deployment
  • CheckmarkCustom themes & extensions 3
  • CheckmarkDedicated support
  • Checkmark99.99% uptime guarantee

(1) Subject to availabilty (2) When paid annually (3) Additional fees based on extension complexity

For on-prem support and bundling options, please contact sales.

Enterprise Keycloak Support Packages

Configuring, integrating and operating an Identity and Access Management system can be daunting.

For both hosted, on-prem customers, or those with their own Keycloak deployment, our goal is to create an understanding in your organization of what is possible with Keycloak. We want to support your goals as you adopt and implement Keycloak in your products. Let us lend our expertise to every step of your journey.

Enterprise plan

Enterprise Keycloak Support Packages


Architecture reviewCheckmarkCheckmark
Installation and configuration supportCheckmarkCheckmark
Email supportCheckmarkCheckmark
Slack supportCheckmark
Phone supportCheckmark
Support hours (US EST)9x524x7x365
Response time (hours)244
Health assessmentQuarterlyMonthly
Incl. service hours (/mth)10 (max)20
Custom developmentCheckmark
Pricing (/mth)from $3,500from $7,500

Frequently Asked Questions?

What is the difference between Phase Two and Keycloak?
Phase Two is a company that specializes in Enterprise level Keycloak Hosting and Support. We are active contributors to the Keycloak project and community. We issue pull requests for issues and take active part in community discussions whether on at Keycloak Dev Day Github, Forums, or mailing lists. We've been working with Keycloak for a long time and have a deep understanding of the project and because of this have built some of the most successful extensions.
Keycloak is an open source Identity and Access Management server software developed and maintained by Red Hat. It is widely used across the world for a multitude of Authentication and Authorization use cases.
What are the advantages to Keycloak Open Source Identity and Access Management System?
Keycloak offers SSO, identity brokering, user federation, fine-grained authorization, and customizable themes. It supports various protocols (OAuth2, OpenID Connect, SAML) and integrates with many platforms.
It's been under development for over 7 years and is an accepted project at the Incubating level of the Cloud Native Computing Foundation (CNCF).
Why does Phase Two offer hosting?
We've seen a lot of Keycloak deployments at scale and know what it takes to be successful. We've put that expertise to use by building and offering a hosted solution to make it easier to adopt Authentication and Authorization to any application at any size. This offloads the burden of DevOps, maintenance, and upgrades to us, allowing teams to focus on shipping product.
What support is provided and included?
Many customers use Keycloak precisely because its Open Source and can be hosted themselves. However, getting that right, how to migrate from another solution, knowing where the pitfalls are, how to scale it, how to troubleshoot, are all things that will be encountered during that process. To that end, we offer Enterprise Support to enable companies to adopt Keycloak.
Why should I migrate to Keycloak?
Migrate to Keycloak and gain full control over your authentication and authorization processes. User migration support is provide so that migration can occur quickly and seamlessly.
How quickly can I migrate to Keycloak?
The answer is, it depends. Migrating to Keycloak can take from a few days to several weeks, depending on the complexity of your current authentication system, data migration needs, and integration requirements. A straightforward setup might be quick, but extensive customization or large user bases will require more time. We spent some time writing up what it takes to migrate to Keycloak from an existing identity provider.
How much does it cost to run Keycloak on my own and is Phase Two a cost effective solution?
The answer is less about the cost to run the server and more about the time it takes to manage a system that runs a scaled, resilient Keycloak solution. Depending on the needs of your Applications, it will determine the resources required to support such a deployment. Our hosted solution allows for fast, globally distributed, resilient systems immediately.
What servers and frameworks does Keycloak support?
Keycloak combines a strong API with a powerful Admin portal to make integration with any server or frontend framework possible. Use it for apps running Spring Boot, Django, Next.js, Nuxt, React, Vue, Remix, Sveltekit, or any other server or frontend framework.
How is Keycloak a an alternative to Auth0, WorkOS, Okta, and Cognito?
We put some thoughts together about this specific topic in a blog post about Keycloak being a open source alternative to these offerings.
What is the difference between Keycloak and Auth.js?
AuthJs is a flexible, client-side authentication library for JavaScript apps, offering simple integration and customization to various providers. Keycloak is a full-featured, server-side identity and access management solution, providing SSO, identity brokering, user federation, and advanced security features.
The biggest difference is that Keycloak does authentication AND authorization. That means Keycloak provides a way to federate login to any SAML or OIDC provider and then manage the permissions of the users in your application. When trying to do this with multiple providers, it quickly becomes a very complex problem. In addition, when you start to layer in things like authentication flows with MFA, Magin Links, or other advanced use cases, managing that quickly becomes a full-time job.
Why can't I just integrate SAML into my own app and be done?
Its not just people logging into your app, which Keycloak can easily do, but it's about handling the use case for your customers and letting them tie their own identity providers into your application.