Overview
With Keycloak you can add secure sign-in to your applications and services with minimal effort and configuration. There is no need to deal with storing or authenticating users. It's all available out of the box.
Authentication brokering
Active Directory and LDAP
Keycloak has built-in support for connecting to existing Active Directory services or LDAP. In practice, this means that internal users can sign in to their workstation using their GoA credentials and be automatically authenticated for your application, with no need to provide their username and password a second time.
Social Login and Identity Brokering
Sign-in with social networks can be easily enabled through the admin console. No code or application changes are required.
Keycloak can also authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers. Again, this is just a matter of configuring the Identity Provider through the admin console.
User management
Admin Console
Through the admin console, administrators can manage users, including permissions and sessions.
Self-serve functionality is also included; users can manage their own accounts, update profiles, change passwords, and set up two-factor authentication.
Account Management Console
Users of individual applications can access self-serve functionality that allows them to:
- Manage their accounts
- Update their profiles
- Change passwords
- Set up two-factor authentication
Authorization Services
Administrators can centrally manage applications, defining fine-grained authorization policies on a per-application basis.
Secure APIs
Keycloak Authorization Services allow access tokens to be issued, enabling controlled access to secured server resources and endpoints. This service provides administrators with granular control over access to systems and resources.
How to get started with Keycloak
If you’re a Government of Alberta team interested in using Keycloak in your project or service, please contact the Digital Delivery and Innovation.