Keycloak

Keycloak Overview

Keycloak is an open-source identity and access management (IAM) solution aimed at modern applications and services. It provides a secure way to handle authentication, authorization, user federation, and single sign-on (SSO) without writing custom code.

Keycloak is widely used in microservices, enterprise apps, and public-facing portals to centralize identity management and improve security posture.


🔐 Key Features

  • Single Sign-On (SSO)
    Users can log in once to access multiple applications and services.

  • Identity Brokering and Social Login
    Easily integrate with external identity providers like Google, Facebook, Microsoft, GitHub, etc.

  • User Federation
    Connect to existing user directories like LDAP and Active Directory.

  • Admin Console & User Self-Service
    Web-based UI for managing realms, users, roles, clients, and settings. End-users can manage their profiles and passwords.

  • Role-Based Access Control (RBAC)
    Assign fine-grained roles and permissions to users and groups.

  • Open Standards Support
    Built-in support for OAuth 2.0, OpenID Connect, and SAML 2.0.

  • Multi-Factor Authentication (MFA)
    Enable two-factor login with OTP apps or hardware tokens.

  • Extensible and Customizable
    Customize login flows, themes, and integrate with your backend systems via SPI and REST APIs.

  • Docker and Kubernetes Friendly
    Official container images and Helm charts make it easy to deploy and scale in cloud-native environments.

  • Internationalization (i18n)
    Built-in support for multiple languages for both the admin and user-facing interfaces.


📚 Learn More

Keycloak: Getting Started

🔐 Log In to the Admin Console

  1. Open your browser and go to the Keycloak Admin Console.
  2. Sign in using:
    • Username: admin
    • Password: admin

🏰 Create a Realm

A realm is a tenant that holds applications, users, and configurations.

  1. Within the Admin Console, click Create Realm next to the current realm.
  2. Enter:
    • Realm name: myrealm
  3. Click Create.

👤 Create a User

  1. Select the newly created realm (myrealm).
  2. Go to Users in the sidebar.
  3. Click Create new user.
  4. Fill in:
    • Username: myuser
    • First name and Last name as desired
  5. Click Create.
  6. Go to the Credentials tab.
  7. Set a password.
  8. Toggle Temporary to Off so the user won't be forced to change it at first login.

✅ Log In to Account Console

  1. Open the Keycloak Account Console.
  2. Log in using:
    • Username: myuser
    • Password: (the password you set)

Here users can manage profiles, set up 2FA, and link accounts.


🔐 Secure Your First Application (Client)

To register an application with Keycloak:

  1. In the Admin Console, ensure you're in the myrealm realm.
  2. Go to Clients, then click Create client.
  3. Enter:
    • Client type: OpenID Connect
    • Client ID: myclient
  4. Click Next.
  5. Ensure Standard Flow is enabled.
  6. Configure login settings:
    • Valid redirect URIs: https://www.keycloak.org/app/*
    • Web origins: https://www.keycloak.org
  7. Click Save.
  8. To test, visit https://www.keycloak.org/app/, click Sign in, and authenticate via your Keycloak server.
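
The settings chosen in steps 5 and 6 decide where Keycloak will send authorization responses, so they are worth checking before a client leaves a test realm. The following is an added example, not part of the official guide or Keycloak's own code: a small audit over a client definition. It assumes the client is available as JSON using the field names of Keycloak's client export (standardFlowEnabled, implicitFlowEnabled, redirectUris, webOrigins). The sample data, the second "loose-client" and the severity labels are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the guide's client as a ClientRepresentation-style dict.
GUIDE_CLIENT = json.loads("""{
  "clientId": "myclient", "protocol": "openid-connect",
  "standardFlowEnabled": true, "implicitFlowEnabled": false,
  "redirectUris": ["https://www.keycloak.org/app/*"],
  "webOrigins": ["https://www.keycloak.org"]
}""")
# Constructed counter-example with loose settings (hypothetical client).
LOOSE_CLIENT = dict(GUIDE_CLIENT, clientId="loose-client", implicitFlowEnabled=True,
                    redirectUris=["*", "http://app.example.test/cb"],
                    webOrigins=["*"])

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}  # labels are this example's own

def audit_client(client):
    """Return (severity, message) findings for one client dict, highest first."""
    findings = []
    if not client.get("standardFlowEnabled"):
        findings.append(("info", "Standard Flow (authorization code) is off"))
    if client.get("implicitFlowEnabled"):
        findings.append(("high", "Implicit Flow is on; tokens travel in the redirect URL"))
    for uri in client.get("redirectUris", []):
        if uri.strip() == "*":
            findings.append(("high", "redirect URI '*' accepts any destination"))
            continue
        if urlsplit(uri).scheme == "http" and urlsplit(uri).hostname not in LOCAL_HOSTS:
            findings.append(("high", f"redirect URI {uri} uses plain HTTP"))
        if uri.endswith("*"):
            findings.append(("medium", f"redirect URI {uri} is a prefix wildcard; "
                             "list exact callback URLs for production"))
    for origin in client.get("webOrigins", []):
        if origin == "*":
            findings.append(("high", "web origin '*' allows CORS from any site"))
        elif origin.startswith("http://") and urlsplit(origin).hostname not in LOCAL_HOSTS:
            findings.append(("medium", f"web origin {origin} uses plain HTTP"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

if __name__ == "__main__":
    for c in (GUIDE_CLIENT, LOOSE_CLIENT):
        print(c["clientId"], audit_client(c) or "no findings")
```

The guide's own client produces a single medium finding for the /app/* wildcard, which is acceptable for the hosted test application but should become an exact callback URL for a real deployment.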

🎯 Next Steps

Before deploying to production, consider:

  • Use a production-grade database (e.g., PostgreSQL) instead of the default embedded one.
  • Configure SSL/TLS certificates.
  • Change the admin password from the default.

For deeper setup, see Keycloak’s server guides.


This guide is based on the official documentation.
© Keycloak Authors / The Linux Foundation 2025.