Apache-2.0

Keycloak

Open-source IAM for SSO, OIDC, and SAML

An open-source identity and access management solution that provides SSO and identity brokering for applications.

Visit Keycloak View repository
Keycloak main image

In depth

What it is

Keycloak is an open-source identity and access management solution that provides SSO and identity brokering for applications.

Key features

  • OIDC/SAML - Standards-based identity provider.
  • Realms - Realm and client separation for multi-tenant setups.
  • User federation - Federation with LDAP/AD directories.
  • Customization - Themes, mappers, and extension points.

Strengths

  • OIDC/SAML - Standards-based identity provider.
  • Realms - Realm and client separation for multi-tenant setups.
  • User federation - Federation with LDAP/AD directories.

Trade-offs

  • Operations - Upgrades and configuration drift require discipline.
  • Complexity - Large deployments need careful realm and client design.
  • Performance tuning - Scale requires tuning caches, DB, and token settings.

Pricing

Open-source software. Direct license cost is zero; costs are typically infrastructure, operations, and optional paid support or hosting.

Explore alternatives
Okta logo

Okta

Enterprise identity platform for SSO and lifecycle management

Microsoft Entra ID logo

Microsoft Entra ID

Cloud identity service for workforce and apps

authentik logo

authentik

Self-hosted identity provider with flexible authentication flows

ZITADEL logo

ZITADEL

Open-source identity infrastructure for multi-tenant apps

See more