Get the theme: Shadcn Keycloak Theme Starter
A shadcn theme starter for Keycloak using Tailwind CSS and Radix UI components. This starter provides a foundation for building a custom, component-based Keycloak theme.
+
Phase Two is thrilled to announce that we have been recognized as an official partner of CockroachDB. This partnership marks a significant milestone in our commitment to providing robust, scalable, and high-performance database solutions for our the Keycloak community and our customers.
Phase Two originally built our CockroachDB integration for Keycloak over two years ago, and since then we have been working closely with the CockroachDB team to ensure that our integration is optimized for performance and reliability. Our customers have seen significant improvements in database performance, scalability, and a overall cost savings by using CockroachDB with Keycloak.
Our commitment to CockroachDB is built on years of using the Cockroach Cloud to power all of our dedicated hosting.
Keycloak tracks various "user events" to provide auditing and monitoring capabilities related to user activities within a realm. These events capture actions performed by users, such as authentication attempts, account management operations, and more.
When these events have been tracked and not purged for a long period, for high traffic installations, trying to change the retention period can lead to a massive performance problem with your installation. We will walk you through what to consider and how to safely purge these events.
As more companies build SaaS platforms, the need to serve multiple customer groups—or tenants—from a single system becomes critical. In the identity world, this means implementing multi-tenancy within your identity provider.
In this post, we’ll walk through:
We've written extensively about how to model multi-tenancy with organizations and how Phase Two's Organizations extension differs from the native implementation being undertaken by the Keycloak team.
All of Phase Two's hosted environments come standard with all of our popular extensions to make it easy to hit the ground running and cover 95% of all IAM use-cases.
When implementing SAML for the establishment of an Identity Provider, two primary options are available:
The SP initiated flow is widely recognized by users due to its straightforward configuration, which is merely the exchange of some metadata. In contrast, the IdP-initiated flow is less intuitive and involves an additional step that may not be readily apparent to many users. The purpose of this blog is to elucidate the steps necessary to successfully execute the IdP-initiated flow. We will setup a full example
A fundamental understanding of SAML 2.0 and Keycloak is required to effectively follow the provided instructions.
When it comes to identity and access management, Keycloak has established itself as the go-to open-source solution for authentication, authorization, and user management. However, successfully integrating and maintaining Keycloak requires more than just hosting—it requires expertise. That’s where the difference between Phase Two and other hosting providers becomes clear.
In this post, we’ll explore why Phase Two should be in strong consideration for your Managed Keycloak provider, especially when compared to providers like CloudIAM, Elest.io, and Servana, who focus solely on hosting the standard build of Keycloak.
In this series we are proposing Keycloak as a superior alternative to commercial identity offerings.
At the heart of every startup's decision-making process lies the bottom line. We’re in an economy where cost-cutting measures are being taken across organizations, and many companies are starting to ask why their identity stack is such an outsized drag on their margins. Keycloak presents a compelling case with its open-source nature. Unlike proprietary IAM solutions that come with hefty price tags and recurring subscription fees, Keycloak offers a cost-effective alternative without compromising on features or security.
By leveraging Keycloak, startups can significantly reduce their operational expenses, channeling those resources into core business activities such as product development and market expansion. Moreover, the open-source community surrounding Keycloak ensures continuous improvement and innovation, all without the burden of additional licensing costs.
A multi-tenant application is a software architecture where a single instance of an application serves multiple, distinct customer groups or “tenants.” Each tenant, often representing an organization or user group, shares the same underlying infrastructure and codebase but operates within its own securely isolated environment. This allows each tenant to have individualized data, configurations, and sometimes even unique customizations, while benefiting from a shared platform that reduces overall resource demands and maintenance. Multi-tenancy is commonly used in SaaS (Software as a Service) applications, enabling businesses to scale efficiently, lower costs, and streamline updates while ensuring that each tenant’s data and settings remain private and distinct from others within the same application. This approach is particularly valuable in enterprise applications, where companies may need to provide access to different organizations, departments, or customer groups within a single solution.
In this series we are proposing Keycloak as a superior alternative to commercial identity offerings.
One size rarely fits all, especially in the world of enterprise software. Startups require flexibility to adapt and tailor IAM solutions to their unique business requirements. Keycloak shines in this aspect, offering extensive customization capabilities that empower startups to mold the platform according to their specific needs.
From branding and user interface customization to advanced authentication flows and authorization policies, Keycloak provides a comprehensive toolkit for startups to craft seamless and secure user experiences. Whether integrating with existing systems or building entirely new functionalities, Keycloak's flexibility ensures a perfect fit for any enterprise SaaS startup. Here’s how Keycloak’s flexibility stands apart from commercial, closed-source solutions, and why this is a key differentiator:
Native applications for iOS, Android, and other platforms can integrate with Keycloak to provide secure, centralized authentication and authorization services. By utilizing Keycloak, these applications can streamline the user login experience through various protocols such as OAuth 2.0 and OpenID Connect, which Keycloak natively supports. With Keycloak, mobile applications can handle user sign-in, token management, and session handling securely, ensuring user identities are managed consistently across devices and platforms. This setup enables native applications to offload the complexities of authentication to Keycloak, allowing seamless integrations with features like Single Sign-On (SSO), social logins, and multi-factor authentication, while developers can focus on app functionality rather than handling sensitive user data directly. Additionally, Keycloak’s support for fine-grained access control and roles ensures that native apps can manage user permissions efficiently, creating a robust foundation for secure, scalable mobile applications.