Keycloak

App in the BluixApps catalog

What it is

Keycloak is the enterprise-grade open-source identity and access management platform — SSO, OAuth2, OIDC, SAML, LDAP, MFA, identity federation, user federation, social login. Red Hat / IBM-backed, deployed at every Fortune 500. The standard OSS IdP for enterprise.

For mid-market and enterprise orgs needing a battle-tested IdP that integrates with everything, Keycloak is the canonical choice.

What it's for

  • Enterprise SSO — unified login across all enterprise apps
  • OAuth2 / OIDC provider — modern API authentication
  • SAML provider — legacy enterprise app SSO
  • Identity federation — connect multiple identity sources
  • Social login — Google / Facebook / GitHub OAuth for apps

Who it's for

  • Enterprise IT managing SSO for hundreds of apps
  • SaaS platforms providing customer SSO
  • Multi-tenant orgs with realm-based isolation
  • Compliance-bound orgs needing audit-grade IdP
  • OSS communities running federated identity

Why teams pick Keycloak over alternatives

  • Apache 2.0 — fully open
  • Enterprise-grade — Red Hat / IBM backing
  • Multi-protocol — OIDC, SAML, LDAP, RADIUS, all native
  • Realm isolation — proper multi-tenancy
  • Battle-tested — production-deployed at every scale
  • Extensible — Java SPI for custom logic

Integrations

  • Protocols — OIDC, OAuth2, SAML 2.0, LDAP/AD, Kerberos
  • Identity sources — local + LDAP + OIDC federation + custom
  • MFA — TOTP, WebAuthn, OTP via SMS, custom
  • Themes — fully brandable login flows
  • Admin API — REST API for programmatic config
  • Events — webhook + log integration
  • Java SPI — extensions in any JVM language

Notable users & community

  • 23k+ GitHub stars
  • Used by virtually every large enterprise using OSS IdP
  • Backed by Red Hat (IBM) — strongest commercial backing in OSS IdP
  • KeycloakDevDay conferences
  • Standard tool in enterprise identity space

Tips & operations

  • Resource sizing — Keycloak needs 2-4 GB RAM per JVM; multiple JVMs for HA
  • External DB required — Postgres, MySQL, MS SQL, Oracle, MariaDB
  • Realm strategy — realms isolate tenants; design carefully
  • Backup is critical — IdP loss = mass lockout
  • HA via clustering — single-node = single point of failure
  • Theme customization — for branded login experience

What we ship in BluixApps

  • Docker compose: Keycloak + Postgres
  • Pinned quay.io/keycloak/keycloak:26.0 (release-tagged)
  • HTTPS via Let's Encrypt
  • Admin user via env config
  • Persistent volumes for Postgres
  • Production mode (not dev mode) by default
  • Backup hook covers Postgres (users + realms + clients)
Read this app's deep dive on bluix.app ↗

Get this app — pick a BluixApps plan

Same catalog. Scaling tenant isolation, white-label and support tier.

TierTenantsCatalogSupportWhite-labelMonthly
Stacks119 curated stacksStandard$19/moDetailDeploy
Starter10Full catalogStandard+$15–25/mo$49/moDetailDeploy
Pro25Full catalogPriority bugfix+$15–25/mo$149/moDetailDeploy
Growth100Full catalogPriority bugfix+$15–25/mo$349/moDetailDeploy
Scale500Full catalog7-day window+$15–25/mo$799/moDetailDeploy
EnterpriseUnlimitedFull catalogPriority 7-dayBundled$1,499/moDetailDeploy

Powered by WHMCompleteSolution