Cyber Tool Stack
All tools
IAM/SSOOpen source · Apache-2.0

Keycloak

Community project

A self-hosted, Apache-licensed identity server supporting OIDC, SAML, LDAP and Active Directory federation, and built-in MFA. Keycloak moved from Red Hat stewardship to the CNCF in 2023; Red Hat also sells a supported downstream build.

Verified Source: 1

Product type
Community project
Deployment
On-prem
Organization size
SMBMid-marketEnterprise
Pricing tier
Free

Capability checklist

IAM/SSO

How Keycloak measures up against the full Identity & Access Management / Single Sign-On taxonomy.

Single sign-on — supported
Lets users authenticate once to access many connected applications.
Directory integration — supported
Syncs users and groups with an existing directory like Active Directory or HR system.
Adaptive / conditional access — not supported
Adjusts login requirements based on device, location, and risk signals.
Lifecycle provisioning — not supported
Automatically grants and revokes app access as employees join, move, or leave.
Multi-factor authentication support — supported
Enforces a second factor at login as part of the sign-in flow.
Audit logging — supported
Records authentication and access events for security and compliance review.
Pre-built app connectors — not supported
Ships with ready-made SSO integrations for thousands of common apps.

Alternatives

Other Identity & Access Management / Single Sign-On tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include Keycloak.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.