5 posts tagged with "organizations"

As more companies build SaaS platforms, the need to serve multiple customer groups—or tenants—from a single system becomes critical. In the identity world, this means implementing multi-tenancy within your identity provider.

In this post, we’ll walk through:

• What multi-tenancy means in Keycloak
• The drawbacks of using multiple realms for tenants
• Why organizations are a better, more scalable approach
• How the Phase Two Organizations extension supports advanced use cases like theming, shared IdPs, and user membership
• How our implementation differs from (and improves on) the new native Keycloak organizations feature

We've written extensively about how to model multi-tenancy with organizations and how Phase Two's Organizations extension differs from the native implementation being undertaken by the Keycloak team.

All of Phase Two's hosted environments come standard with all of our popular extensions to make it easy to hit the ground running and cover 95% of all IAM use-cases.

Overview​

A multi-tenant application is a software architecture where a single instance of an application serves multiple, distinct customer groups or “tenants.” Each tenant, often representing an organization or user group, shares the same underlying infrastructure and codebase but operates within its own securely isolated environment. This allows each tenant to have individualized data, configurations, and sometimes even unique customizations, while benefiting from a shared platform that reduces overall resource demands and maintenance. Multi-tenancy is commonly used in SaaS (Software as a Service) applications, enabling businesses to scale efficiently, lower costs, and streamline updates while ensuring that each tenant’s data and settings remain private and distinct from others within the same application. This approach is particularly valuable in enterprise applications, where companies may need to provide access to different organizations, departments, or customer groups within a single solution.

An exciting new feature has been added to Phase Two Organizations Extension! Organizations now support shared Identity Providers (IdPs) for mapping multiple organizations to a single IDP. This feature is especially useful for organizations that have multiple organizations that need to share the same IDP.

Since we first released our (most) popular Keycloak extension, Keycloak Organizations (Orgs) and made it available as open source on Github, the Keycloak maintainers have decided to build into native organization support.

This begs the question? What is different between Keycloak's upcoming organizations feature and the Phase Two Organization Extension?

We recently gave a talk at the Keycloak DevDay 2024 conference in Frankfurt on our Organizations extension which provides single Realm multi-tenancy to Keycloak for modern SaaS applications. The hosts of the conference have posted the video of the talk on Youtube.