Keycloak
Self-hosted identity and access management server
Keycloak is profiled here as a DevOps tool for engineering teams. Read about features, pricing, and how it compares to related options in the tools directory.
Description
Keycloak is an open-source identity and access management server started at Red Hat in 2014 and now a CNCF incubating project. It gives applications single sign-on, user federation, and centralized authorization through standard protocols, and it runs anywhere a container runs, which keeps identity data inside the organization. Enterprises adopt it when compliance or cost rules out hosted identity providers. Red Hat ships a supported build of the same codebase, and the realm model isolates tenants, clients, and policies cleanly within one server.
Key Capabilities:
- Single sign-on over OIDC, OAuth 2.0, and SAML
- User federation with LDAP and Active Directory
- Identity brokering for social and external identity providers
- Fine-grained authorization services and role-based access control
- Admin console plus a full REST admin API
- Kubernetes Operator and extension SPIs under Apache 2.0
Alternative tools
- Coolify: Self-hosted deployment platform for any server
- Netlify: Git-driven platform for deploying modern web frontends
- Backblaze B2: Low-cost S3-compatible cloud object storage
- Cloudflare R2: S3-compatible object storage with zero egress fees
- Argo CD: Declarative GitOps continuous delivery for Kubernetes
- Robusta AI: Kubernetes observability platform with AI-powered alert enrichment and remediation
