We’re excited to announce the release of Self-Service Resource Management in the Phase Two Dash. This new capability empowers customers running dedicated Keycloak clusters to directly upload and manage their own resources—such as custom themes and extensions—without waiting for Phase Two intervention.
Phase Two is excited to share that we have successfully completed a SOC 2 Type II audit. This independently validates that our security and availability controls were not just designed well, but operated effectively over time.
Learn more and request report access at our Trust Center: trust.phasetwo.io.
Phase Two is happy to announce that custom domains can now be configured via self-serve right in the Dashboard. This feature is only available on paid plans.
Custom domains are a key piece of branding and trust for your users. By using your own domain, you can ensure that your users see a familiar URL when interacting with your Keycloak instance.
Read more about how to set up custom domains in our Custom Domains documentation.
Get the theme: Shadcn Keycloak Theme Starter
A shadcn theme starter for Keycloak using Tailwind CSS and Radix UI components. This starter provides a foundation for building a custom, component-based Keycloak theme.
+
Phase Two is thrilled to announce that we have been recognized as an official partner of CockroachDB. This partnership marks a significant milestone in our commitment to providing robust, scalable, and high-performance database solutions for our the Keycloak community and our customers.
Phase Two originally built our CockroachDB integration for Keycloak over two years ago, and since then we have been working closely with the CockroachDB team to ensure that our integration is optimized for performance and reliability. Our customers have seen significant improvements in database performance, scalability, and a overall cost savings by using CockroachDB with Keycloak.
Our commitment to CockroachDB is built on years of using the Cockroach Cloud to power all of our dedicated hosting.
Keycloak tracks various "user events" to provide auditing and monitoring capabilities related to user activities within a realm. These events capture actions performed by users, such as authentication attempts, account management operations, and more.
When these events have been tracked and not purged for a long period, for high traffic installations, trying to change the retention period can lead to a massive performance problem with your installation. We will walk you through what to consider and how to safely purge these events.
As of today, we’re thrilled to announce the launch of the new Phase Two Dashboard — a fully redesigned application for managing your Keycloak resources. This update goes far beyond a fresh coat of paint. We've rebuilt the experience from the ground up, introducing new capabilities, streamlined workflows, and deep infrastructure enhancements based directly on customer feedback. We've learned that the version of Keycloak we provide, enhanced by the Phase Two library of extensions, solves for the 95% Saas use-case and this release will allow our users to better take advantage of those features. Some features are available today and others will be made available in the next few weeks.
We are excited to announce that Phase Two has achieved SOC 2 Type 1 compliance! This milestone demonstrates our ongoing commitment to security, availability, and the protection of our customers’ data.
Learn more at trust.phasetwo.io.
As more companies build SaaS platforms, the need to serve multiple customer groups—or tenants—from a single system becomes critical. In the identity world, this means implementing multi-tenancy within your identity provider.
In this post, we’ll walk through:
We've written extensively about how to model multi-tenancy with organizations and how Phase Two's Organizations extension differs from the native implementation being undertaken by the Keycloak team.
All of Phase Two's hosted environments come standard with all of our popular extensions to make it easy to hit the ground running and cover 95% of all IAM use-cases.
As more companies adopt Keycloak for enterprise identity and access management, security is no longer just a back-end concern. One of the most frequent questions we hear at Phase Two is:
"Should I put a Web Application Firewall (WAF) in front of Keycloak?"
The short answer? It depends—but it's a smart question to ask.
In this post, we'll break down what Keycloak provides out of the box, explore common attack vectors (especially around authentication endpoints), and help you evaluate whether you need to add an external firewall or WAF to your deployment.