
Migrate to Keycloak

Phase Two can help migrate from any existing IAM system like Auth0, Okta, Ping and more to Keycloak. We’ve written extensively about why Keycloak is a strong choice for an open-source IAM. Initial setup and migration can involve varying levels of complexity. Whether you need to migrate users, recreate logic or flows, reestablish authentication endpoints, duplicate existing functionality or customize it further, Phase Two can assist.


Migrate to Keycloak from Other Identity Provider Systems

Migrate Users

Migrating Existing Users

Migrating an existing user base to Phase Two and Keycloak can be accomplished via Phase Two’s User Migration API. We leverage an API to automate the import of users, allowing it to be done efficiently and without downtime. The existing user set is exported through the existing IAM’s user endpoints, a mapping between user values is done, and then each user is sent to Phase Two.

Connect Identity Providers

One of the main reasons to adopt a system like Keycloak is to handle the mix of users from different companies and allow them to leverage the IDP their company uses. Keycloak has first-class treatment for many IDPs and can also be set up with any generic IDP over SAML or OIDC. That means that organizations using any number or mix of IDPs (custom, commercial, etc.) will be able to coalesce on Keycloak. To facilitate the ease of setup, Phase Two has built a full wizard workflow. Combined with the Phase Two Organization extension, IDPs can be mapped to an Organization, and users’ logins will automatically be sent to the correct IDP based on their credentials.


Create Login Flows

Keycloak is capable of recreating almost any desired login flow. In addition, because it is open source, it can be customized as needed. Keycloak has the functionality to implement MFA, OTP, Magic Link, WebAuthn, username/password, and custom authenticators. Keycloak can support any business need surrounding a login flow. Phase Two has created many of the most popular authentication flow extensions, and they are included by default in our hosted product and Docker image.


API Integration

Keycloak has a plethora of APIs that make moving from one system to another much easier. This means that existing APIs an application already leverages with another system can be changed to analogous ones within Keycloak. An application’s users do not need to know that this change has even occurred.

Organizations, Roles, and Permissions

Establishing hierarchy within a user base is key to making sure users have correct permissions and are properly gated within an application. Phase Two’s Organization extension allows companies to introduce a logical separation of users that maps users to an IDP and a set of roles within that organization. This allows companies to move from any existing IAM and role hierarchy to Keycloak without a disruption of service. Organizations can also be self-administered in Phase Two through the bundled Admin Portal. This allows organization admins to self-manage their own user base and organization settings.


Happy Customers

Phase Two has many happy customers across the globe that include Tier 1 CDNs, global transport companies, digital security providers, digital signage providers, and more. Our customers have saved hundreds of thousands of dollars migrating to Keycloak and delivered better experiences in the process.

Learn more about Phase Two's Enterprise Support