Keycloak
App in the BluixApps catalog
What it is
Keycloak is the enterprise-grade open-source identity and access management platform — SSO, OAuth2, OIDC, SAML, LDAP, MFA, identity federation, user federation, social login. Red Hat / IBM-backed, deployed at every Fortune 500. The standard OSS IdP for enterprise.
For mid-market and enterprise orgs needing a battle-tested IdP that integrates with everything, Keycloak is the canonical choice.
What it's for
- Enterprise SSO — unified login across all enterprise apps
- OAuth2 / OIDC provider — modern API authentication
- SAML provider — legacy enterprise app SSO
- Identity federation — connect multiple identity sources
- Social login — Google / Facebook / GitHub OAuth for apps
Who it's for
- Enterprise IT managing SSO for hundreds of apps
- SaaS platforms providing customer SSO
- Multi-tenant orgs with realm-based isolation
- Compliance-bound orgs needing audit-grade IdP
- OSS communities running federated identity
Why teams pick Keycloak over alternatives
- Apache 2.0 — fully open
- Enterprise-grade — Red Hat / IBM backing
- Multi-protocol — OIDC, SAML, LDAP, RADIUS, all native
- Realm isolation — proper multi-tenancy
- Battle-tested — production-deployed at every scale
- Extensible — Java SPI for custom logic
Integrations
- Protocols — OIDC, OAuth2, SAML 2.0, LDAP/AD, Kerberos
- Identity sources — local + LDAP + OIDC federation + custom
- MFA — TOTP, WebAuthn, OTP via SMS, custom
- Themes — fully brandable login flows
- Admin API — REST API for programmatic config
- Events — webhook + log integration
- Java SPI — extensions in any JVM language
Notable users & community
- 23k+ GitHub stars
- Used by virtually every large enterprise using OSS IdP
- Backed by Red Hat (IBM) — strongest commercial backing in OSS IdP
- KeycloakDevDay conferences
- Standard tool in enterprise identity space
Tips & operations
- Resource sizing — Keycloak needs 2-4 GB RAM per JVM; multiple JVMs for HA
- External DB required — Postgres, MySQL, MS SQL, Oracle, MariaDB
- Realm strategy — realms isolate tenants; design carefully
- Backup is critical — IdP loss = mass lockout
- HA via clustering — single-node = single point of failure
- Theme customization — for branded login experience
What we ship in BluixApps
- Docker compose: Keycloak + Postgres
- Pinned
quay.io/keycloak/keycloak:26.0(release-tagged) - HTTPS via Let's Encrypt
- Admin user via env config
- Persistent volumes for Postgres
- Production mode (not dev mode) by default
- Backup hook covers Postgres (users + realms + clients)
Get this app — pick a BluixApps plan
Same catalog. Scaling tenant isolation, white-label and support tier.
| Tier | Tenants | Catalog | Support | White-label | Monthly | |
|---|---|---|---|---|---|---|
| Stacks | 1 | 19 curated stacks | Standard | — | $19/mo | DetailDeploy |
| Starter | 10 | Full catalog | Standard | +$15–25/mo | $49/mo | DetailDeploy |
| Pro | 25 | Full catalog | Priority bugfix | +$15–25/mo | $149/mo | DetailDeploy |
| Growth | 100 | Full catalog | Priority bugfix | +$15–25/mo | $349/mo | DetailDeploy |
| Scale | 500 | Full catalog | 7-day window | +$15–25/mo | $799/mo | DetailDeploy |
| Enterprise | Unlimited | Full catalog | Priority 7-day | Bundled | $1,499/mo | DetailDeploy |