Keycloak Deployment Auditing – General Scope and Guidelines Practical lessons from auditing multi-realm, multi-client Keycloak environments in medium and large organizations 1. Introduction In medium and large enterprises, Keycloak deployments rarely follow a simple “one realm – one application” pattern. In reality, such environments typically consist of multiple realms reflecting…
Secure Email Delivery in Keycloak 26.2 Using XOAUTH2 Email has been one of the oldest and most fundamental services on the internet, used for notifications, password resets, verifications, and more. Over time we’ve seen major improvements — encryption via TLS, then STARTTLS, and now many providers are moving away from…
Introduction Shipping single sign‑on quickly is tempting. Stakeholders push for a smooth login experience, developers want to move on to core features, and security teams are eager to tick the “MFA enabled” box. The trouble is that identity and access management (IAM) decisions outlive launch days. Once you choose a…
In this blog, we will first take a look at the built-in Keycloak mechanisms for password policy management. Then, we will explore the possibilities for customizing these mechanisms to better fit specific requirements.
This blog focuses on configuring Passkeys specifically for mobile devices, ensuring a seamless and secure passwordless experience.
The trusted devices mechanism in Keycloak is a way to enhance login convenience without significantly compromising cybersecurity.
In this blog post, we’ll show you how to set up Passkeys based on the Keycloak.
Cybersecurity experts point out that these techniques continue to evolve and adapt to better target potential victims. In 2025, it is worth paying attention to three key areas.
In this post, we’ll explore a custom MFA implementation that sends a one-time authentication code to the user’s email.
In this blog, you’ll learn how Keycloak can support your SIEM system.
