An official site of the Alberta Government

Open Source identity and user access management

A brief overview of Keycloak and its capabilities

Overview

With Keycloak you can add a secure sign in to your applications and services with minimum effort and configuration. No need to deal with storing users or authenticating users. It’s all available out of the box.

Authentication brokering

Active Directory and LDAP

Keycloak has support built in to connect with existing Active Directory services or LDAP. What this means in practice is that internal users can sign in to their workstation using their GoA credentials and be automatically authenticated for your application, no need to provide their username and password a second time.

Social Login and Identity Brokering

Sign in with social networks can be easily enabled through the admin console. No code or application changes are required.

Keycloak can also authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers. Again, this is just a matter of configuring the Identity Provider through the admin console.

User management

Admin Console

Through the admin console, administrators can manage users, including permissions and sessions.

Self-serve functionality is also included; users can manage their own accounts, update profiles, change passwords, and set up two-factor authentication.

Account Management Console

Users of individual applications can access self-serve functionality that allows them to:

  • Manage their accounts
  • Update their profiles
  • Change passwords
  • Setup two-factor authentication

Authorization Services

Administrators can centrally manage applications, defining fine-grained authorization policies on a per-application basis.

Secure APIs

Keycloak Authorization Services allow access tokens to be issued enabling controlled access to secured server resources and endpoints. This service provides administrators with granular control over access to systems and resources.

How to get started with Keycloak

If you’re a Government of Alberta team interested in using Keycloak in your project or service, please contact the Digital Delivery and Innovation.