{"title":"Open Source Identity and Access Management","byline":null,"dir":null,"lang":null,"content":"<div id=\"readability-page-1\" class=\"page\"><div>\n    <div>\n        <div>\n            <h2>Single-Sign On</h2>\n            <p>\n                Users authenticate with Keycloak rather than individual applications. This means that your applications\n                don't have to deal with login forms, authenticating users, and storing users. Once logged-in to\n                Keycloak, users don't have to login again to access a different application.\n            </p>\n            <p>\n                This also applies to logout. Keycloak provides single-sign out, which means users only have to logout once to be\n                logged-out of all applications that use Keycloak.\n            </p>\n        </div>\n        <p><img alt=\"Screenshot showing a user's login screen as presented by Keycloak\" src=\"https://www.keycloak.org/resources/images/screen-login.png\">\n        </p>\n    </div>\n\n    <div>\n        <div>\n            <h2>Identity Brokering and Social Login</h2>\n            <p>\n                Enabling login with social networks is easy to add through the admin console. It's just a matter of selecting the\n                social network you want to add. No code or changes to your application is required.\n            </p>\n            <p>\n                Keycloak can also authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers. Again, this is\n                just a matter of configuring the Identity Provider through the admin console.\n            </p>\n        </div>\n        <p><img alt=\"Diagram illustrating brokering\" src=\"https://www.keycloak.org/resources/images/dia-identity-brokering.png\">\n        </p>\n    </div>\n\n    <div>\n        <div>\n            <h2>User Federation</h2>\n            <p>\n                Keycloak has built-in support to connect to existing LDAP or Active Directory servers. You can also implement your own\n                provider if you have users in other stores, such as a relational database.\n            </p>\n        </div>\n        <p><img alt=\"Diagram illustrating user federation\" src=\"https://www.keycloak.org/resources/images/dia-user-fed.png\">\n        </p>\n    </div>\n\n    <div>\n        <div>\n            <h2>Admin Console</h2>\n            <p>\n                Through the admin console administrators can centrally manage all aspects of the Keycloak server.\n            </p>\n            <p>\n                They can enable and disable various features.  They can configure identity brokering and user federation.\n            </p>\n            <p>\n                They can create and manage applications and services, and define fine-grained authorization\n                policies.\n            </p>\n            <p>\n                They can also manage users, including permissions and sessions.\n            </p>\n        </div>\n        <p><img alt=\"Screenshot of the admin console\" src=\"https://www.keycloak.org/resources/images/screen-admin.png\">\n        </p>\n    </div>\n\n    <div>\n        <div>\n            <h2>Account Management Console</h2>\n            <p>\n                Through the account management console users can manage their own accounts. They can update the profile,\n                change passwords, and setup two-factor authentication.\n            </p>\n            <p>\n                Users can also manage sessions as well as view history for the account.\n            </p>\n            <p>\n                If you've enabled social login or identity brokering users can also link their accounts with additional\n                providers to allow them to authenticate to the same account with different identity providers.\n            </p>\n        </div>\n        <p><img alt=\"Screenshot of the account management console\" src=\"https://www.keycloak.org/resources/images/screen-account.png\">\n        </p>\n    </div>\n\n    <div>\n            <h2>Standard Protocols</h2>\n            <p>\n                Keycloak is based on standard protocols and provides support for OpenID Connect, OAuth 2.0, and SAML.\n            </p>\n        </div>\n\n    <div>\n            <h2>Authorization Services</h2>\n            <p>\n                If role based authorization doesn't cover your needs, Keycloak provides fine-grained authorization services as well.\n                This allows you to manage permissions for all your services from the Keycloak admin console and gives you the\n                power to define exactly the policies you need.\n            </p>\n        </div>\n</div><div>\n<div>\n    <p><span> Single-Sign On</span>\n        <span>Login once to multiple applications</span>\n    </p>\n</div>\n<div>\n    <p><span> Standard Protocols</span>\n        <span>OpenID Connect, OAuth 2.0 and SAML 2.0</span>\n    </p>\n</div>\n<div>\n    <p><span> Centralized Management</span>\n        <span>For admins and users</span>\n    </p>\n</div>\n<div>\n    <p><span> Adapters</span>\n        <span>Secure applications and services easily</span>\n    </p>\n</div>\n<div>\n    <p><span> LDAP and Active Directory</span>\n        <span>Connect to existing user directories</span>\n    </p>\n</div>\n<div>\n    <p><span> Social Login</span>\n        <span>Easily enable social login</span>\n    </p>\n</div>\n<div>\n    <p><span> Identity Brokering</span>\n        <span>OpenID Connect or SAML 2.0 IdPs</span>\n    </p>\n</div>\n<div>\n    <p><span> High Performance</span>\n        <span>Lightweight, fast and scalable</span>\n    </p>\n</div>\n<div>\n    <p><span> Clustering</span>\n        <span>For scalability and availability</span>\n    </p>\n</div>\n<div>\n    <p><span> Themes</span>\n        <span>Customize look and feel</span>\n    </p>\n</div>\n<div>\n    <p><span> Extensible</span>\n        <span>Customize through code</span>\n    </p>\n</div>\n<div>\n    <p><span> Password Policies</span>\n        <span>Customize password policies</span>\n    </p>\n</div>\n    </div></div>","textContent":"\n    \n        \n            Single-Sign On\n            \n                Users authenticate with Keycloak rather than individual applications. This means that your applications\n                don't have to deal with login forms, authenticating users, and storing users. Once logged-in to\n                Keycloak, users don't have to login again to access a different application.\n            \n            \n                This also applies to logout. Keycloak provides single-sign out, which means users only have to logout once to be\n                logged-out of all applications that use Keycloak.\n            \n        \n        \n        \n    \n\n    \n        \n            Identity Brokering and Social Login\n            \n                Enabling login with social networks is easy to add through the admin console. It's just a matter of selecting the\n                social network you want to add. No code or changes to your application is required.\n            \n            \n                Keycloak can also authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers. Again, this is\n                just a matter of configuring the Identity Provider through the admin console.\n            \n        \n        \n        \n    \n\n    \n        \n            User Federation\n            \n                Keycloak has built-in support to connect to existing LDAP or Active Directory servers. You can also implement your own\n                provider if you have users in other stores, such as a relational database.\n            \n        \n        \n        \n    \n\n    \n        \n            Admin Console\n            \n                Through the admin console administrators can centrally manage all aspects of the Keycloak server.\n            \n            \n                They can enable and disable various features.  They can configure identity brokering and user federation.\n            \n            \n                They can create and manage applications and services, and define fine-grained authorization\n                policies.\n            \n            \n                They can also manage users, including permissions and sessions.\n            \n        \n        \n        \n    \n\n    \n        \n            Account Management Console\n            \n                Through the account management console users can manage their own accounts. They can update the profile,\n                change passwords, and setup two-factor authentication.\n            \n            \n                Users can also manage sessions as well as view history for the account.\n            \n            \n                If you've enabled social login or identity brokering users can also link their accounts with additional\n                providers to allow them to authenticate to the same account with different identity providers.\n            \n        \n        \n        \n    \n\n    \n            Standard Protocols\n            \n                Keycloak is based on standard protocols and provides support for OpenID Connect, OAuth 2.0, and SAML.\n            \n        \n\n    \n            Authorization Services\n            \n                If role based authorization doesn't cover your needs, Keycloak provides fine-grained authorization services as well.\n                This allows you to manage permissions for all your services from the Keycloak admin console and gives you the\n                power to define exactly the policies you need.\n            \n        \n\n\n     Single-Sign On\n        Login once to multiple applications\n    \n\n\n     Standard Protocols\n        OpenID Connect, OAuth 2.0 and SAML 2.0\n    \n\n\n     Centralized Management\n        For admins and users\n    \n\n\n     Adapters\n        Secure applications and services easily\n    \n\n\n     LDAP and Active Directory\n        Connect to existing user directories\n    \n\n\n     Social Login\n        Easily enable social login\n    \n\n\n     Identity Brokering\n        OpenID Connect or SAML 2.0 IdPs\n    \n\n\n     High Performance\n        Lightweight, fast and scalable\n    \n\n\n     Clustering\n        For scalability and availability\n    \n\n\n     Themes\n        Customize look and feel\n    \n\n\n     Extensible\n        Customize through code\n    \n\n\n     Password Policies\n        Customize password policies\n    \n\n    ","length":4267,"excerpt":"Users authenticate with Keycloak rather than individual applications. This means that your applications\n                don't have to deal with login forms, authenticating users, and storing users. Once logged-in to\n                Keycloak, users don't have to login again to access a different application.","siteName":null}