Skip to main content

Admin Portal for Keycloak

An embeddable, scoped admin UI safe to expose to your customers. Their organization admins manage users, SSO, roles, and invitations — without ever touching the Keycloak console.

Read the docs

The problem

The Keycloak admin console is not safe for customers

It's powerful and dangerous — fine for the engineer who owns the deployment, catastrophic for a customer org admin who just needs to invite their team.

  1. Exposes everything

    Every realm, every user, every client, every flow. There's no way to scope a session to a single organization.

  2. Wrong audience, wrong UX

    The admin console is built for IT, not for end customers. Even with scoping it would feel like exposing your control plane.

  3. Roll your own is a maintenance trap

    Building a custom customer admin on top of the Keycloak REST API works — until Keycloak ships breaking API changes and your UI rots.

Why we built it

A reference customer-admin UI, maintained for you

Every B2B Keycloak team eventually builds a customer-facing admin. We built it once, properly, and open sourced it.

  1. Scoped by construction

    Org admins see only their org's users, roles, and IdPs. Cross-tenant access is structurally impossible — not just hidden in the UI.

  2. Brandable from configuration

    Logo, colors, and copy via the standard Keycloak theme properties. Make it feel like part of your product without forking the code.

  3. Portal links, like Stripe

    Issue short-lived portal links from your backend so users launch into the portal already authenticated, deep-linked to the right view.

  4. Tracks Keycloak releases

    It's the same portal we ship in our managed product. Maintained against the latest Keycloak so self-hosted teams don't have to reinvent it every quarter.

What teams use it for

Customer self-service

Org admins invite users, manage SSO, and assign roles inside their organization — without filing tickets or waiting on your support team.

Embedded inside your app

Drop the portal into your product via a generated portal link. Users launch in already authenticated, in your brand.

Profile and credential self-management

End users update their profile, change their password, set up MFA, and manage their login methods themselves.

Audit-safe admin surface

Every admin action flows through the Keycloak admin API with proper auditability — not direct database writes or bespoke endpoints.

Key capabilities

Scoped to one organization

Org admins see only their org's users, roles, and IdPs. Cross-tenant access is structurally impossible — not just hidden in the UI.

Brandable to match your product

Configure logo, colors, and content from the Keycloak admin to make the portal feel like part of your application.

Portal link generation

Issue short-lived portal links from your backend so users launch into the portal already authenticated — like a Stripe customer portal, for identity.

Get started

Install from GitHub

React app + Keycloak theme. Build from source or pull the prebuilt release artifact.

p2-inc/phasetwo-admin-portal

Read the docs

Install, configure, brand, and generate portal links.

Admin Portal docs

Skip the install

Phase Two managed Keycloak ships with the Admin Portal pre-configured and brandable from the dashboard.

Try the hosted version

Ready to Try Keycloak?
Create Your Free Deployment Today.