Skip to main content

Phase Two Releases Self Service Resource Management

· 2 min read
Phase Two
Hosted Keycloak and Keycloak Support

We’re excited to announce the release of Self-Service Resource Management in the Phase Two Dash. This new capability empowers customers running dedicated Keycloak clusters to directly upload and manage their own resources—such as custom themes and extensions—without waiting for Phase Two intervention.

Custom domains on Phase Two Paid Plans

· 2 min read
Phase Two
Hosted Keycloak and Keycloak Support

Phase Two is happy to announce that custom domains can now be configured via self-serve right in the Dashboard. This feature is only available on paid plans.

Custom domains are a key piece of branding and trust for your users. By using your own domain, you can ensure that your users see a familiar URL when interacting with your Keycloak instance.

Read more about how to set up custom domains in our Custom Domains documentation.

Phase Two Recognized as Official CockroachDB Partner

· 7 min read
Phase Two
Hosted Keycloak and Keycloak Support
CockroachDB logo+Phase Two Logo

Phase Two is thrilled to announce that we have been recognized as an official partner of CockroachDB. This partnership marks a significant milestone in our commitment to providing robust, scalable, and high-performance database solutions for our the Keycloak community and our customers.

Phase Two originally built our CockroachDB integration for Keycloak over two years ago, and since then we have been working closely with the CockroachDB team to ensure that our integration is optimized for performance and reliability. Our customers have seen significant improvements in database performance, scalability, and a overall cost savings by using CockroachDB with Keycloak.

Our commitment to CockroachDB is built on years of using the Cockroach Cloud to power all of our dedicated hosting.

User Events in Keycloak: Best Practices, Management, and Purging

· 6 min read
Phase Two
Hosted Keycloak and Keycloak Support

Keycloak tracks various "user events" to provide auditing and monitoring capabilities related to user activities within a realm. These events capture actions performed by users, such as authentication attempts, account management operations, and more.

When these events have been tracked and not purged for a long period, for high traffic installations, trying to change the retention period can lead to a massive performance problem with your installation. We will walk you through what to consider and how to safely purge these events.

Phase Two Launches New Dashboard for Keycloak Resource Management

· 3 min read
Phase Two
Hosted Keycloak and Keycloak Support

As of today, we’re thrilled to announce the launch of the new Phase Two Dashboard — a fully redesigned application for managing your Keycloak resources. This update goes far beyond a fresh coat of paint. We've rebuilt the experience from the ground up, introducing new capabilities, streamlined workflows, and deep infrastructure enhancements based directly on customer feedback. We've learned that the version of Keycloak we provide, enhanced by the Phase Two library of extensions, solves for the 95% Saas use-case and this release will allow our users to better take advantage of those features. Some features are available today and others will be made available in the next few weeks.

👉 Try it now

Understanding Multi-Tenancy Options in Keycloak

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

As more companies build SaaS platforms, the need to serve multiple customer groups—or tenants—from a single system becomes critical. In the identity world, this means implementing multi-tenancy within your identity provider.

In this post, we’ll walk through:

  • What multi-tenancy means in Keycloak
  • The drawbacks of using multiple realms for tenants
  • Why organizations are a better, more scalable approach
  • How the Phase Two Organizations extension supports advanced use cases like theming, shared IdPs, and user membership
  • How our implementation differs from (and improves on) the new native Keycloak organizations feature

We've written extensively about how to model multi-tenancy with organizations and how Phase Two's Organizations extension differs from the native implementation being undertaken by the Keycloak team.

All of Phase Two's hosted environments come standard with all of our popular extensions to make it easy to hit the ground running and cover 95% of all IAM use-cases.

Web Application Security with Your Keycloak Deployment

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

As more companies adopt Keycloak for enterprise identity and access management, security is no longer just a back-end concern. One of the most frequent questions we hear at Phase Two is:

"Should I put a Web Application Firewall (WAF) in front of Keycloak?"

The short answer? It depends—but it's a smart question to ask.

In this post, we'll break down what Keycloak provides out of the box, explore common attack vectors (especially around authentication endpoints), and help you evaluate whether you need to add an external firewall or WAF to your deployment.