Keycloak

Keycloak is an open source Identity and Access Management (IAM) platform, backed by Red Hat. Keycloak implements the OAuth2 protocol, and is our primary Identity Provider for all our users*, and the source of truth for all actor identities.

Multi-Tenancy

Keycloak uses Realms to organise tenancies. Each Realm contains an isolated set of users, clients and identity providers. All users within a Realm are governed by the same set of roles and permissions defined in that Realm.

Roles and Groups

Keycloak assigns Roles and Groups to users within any Realm. For simplicity, we arrange users into Groups, with each group having a set of roles assigned.

  • Roles contain basic permissions, either as a single attribute or as a collection of core attributes that allows more granular permissions
  • Groups are then used to map Roles (permissions) to users
  • Groups may also be used to attach attributes to a user, for cases where we wish to perform an action at login (rather than after login) or to require an alternative form of authentication.
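The following is an added example, not code from this page or from the Keycloak project. It mirrors the shape of a Keycloak realm export (`roles.realm` with composite roles, `groups` carrying `realmRoles` and `attributes`, and users listing their group paths) and resolves the effective roles and login-time attributes a user ends up with: group memberships map roles to the user, composite roles expand to the basic permissions they bundle, and a subgroup inherits its parent's role mappings and attributes (the inheritance goes slightly beyond the page, but matches how Keycloak group hierarchies behave). The realm, role, group and user names are constructed for illustration.

```python
"""Resolve effective realm roles and group attributes from a Keycloak-style realm export.

Added example: the realm representation below is constructed to look like a
Keycloak realm export; the realm, role, group and user names are hypothetical.
"""
import json
from typing import Dict, Iterable, Iterator, List, Set, Tuple

# Constructed sample realm export (hypothetical names, not a real deployment).
REALM_EXPORT = json.loads(r'''
{
  "realm": "example-tenant",
  "roles": {
    "realm": [
      {"name": "view-reports",    "composite": false},
      {"name": "edit-reports",    "composite": false},
      {"name": "approve-reports", "composite": false},
      {"name": "export-reports",  "composite": false},
      {"name": "report-manager",  "composite": true,
       "composites": {"realm": ["view-reports", "edit-reports", "approve-reports"]}}
    ]
  },
  "groups": [
    {"name": "analysts", "realmRoles": ["view-reports"], "attributes": {}},
    {"name": "managers", "realmRoles": ["report-manager"],
     "attributes": {"requires_mfa": ["true"]},
     "subGroups": [
       {"name": "regional-leads", "realmRoles": ["export-reports"], "attributes": {}}
     ]}
  ],
  "users": [
    {"username": "alice", "groups": ["/analysts"]},
    {"username": "bob",   "groups": ["/managers"]},
    {"username": "carol", "groups": ["/managers/regional-leads"]},
    {"username": "dave",  "groups": [], "realmRoles": ["view-reports"]}
  ]
}
''')


def composite_map(realm: dict) -> Dict[str, List[str]]:
    """Map each composite realm role to the realm roles it bundles."""
    result: Dict[str, List[str]] = {}
    for role in realm.get("roles", {}).get("realm", []):
        if role.get("composite"):
            result[role["name"]] = list(role.get("composites", {}).get("realm", []))
    return result


def expand_roles(names: Iterable[str], comps: Dict[str, List[str]]) -> Set[str]:
    """Return the given roles plus every role reachable through composites.

    The visited set also terminates cleanly if an export contains a composite cycle.
    """
    effective: Set[str] = set()
    stack = list(names)
    while stack:
        name = stack.pop()
        if name in effective:
            continue
        effective.add(name)
        stack.extend(comps.get(name, []))
    return effective


def flatten_groups(groups: List[dict], parent_path: str = "",
                   inherited_roles: Tuple[str, ...] = (),
                   inherited_attrs: Dict[str, List[str]] = None
                   ) -> Iterator[Tuple[str, List[str], Dict[str, List[str]]]]:
    """Yield (path, roles, attributes) per group, folding parent roles/attributes into subgroups."""
    inherited_attrs = inherited_attrs or {}
    for g in groups:
        path = f"{parent_path}/{g['name']}"
        roles = list(inherited_roles) + list(g.get("realmRoles", []))
        attrs = {**inherited_attrs, **g.get("attributes", {})}
        yield path, roles, attrs
        yield from flatten_groups(g.get("subGroups", []), path, tuple(roles), attrs)


def _user(realm: dict, username: str) -> dict:
    for user in realm.get("users", []):
        if user["username"] == username:
            return user
    raise KeyError(f"unknown user {username!r}")


def _group_index(realm: dict) -> Dict[str, Tuple[List[str], Dict[str, List[str]]]]:
    return {path: (roles, attrs) for path, roles, attrs in flatten_groups(realm.get("groups", []))}


def effective_roles(realm: dict, username: str) -> Set[str]:
    """Roles the user holds directly or via groups, with composites expanded."""
    user = _user(realm, username)
    index = _group_index(realm)
    assigned = list(user.get("realmRoles", []))
    for path in user.get("groups", []):
        assigned.extend(index[path][0])
    return expand_roles(assigned, composite_map(realm))


def login_attributes(realm: dict, username: str) -> Dict[str, List[str]]:
    """Attributes visible at login: group attributes (parents included), user's own on top."""
    user = _user(realm, username)
    index = _group_index(realm)
    attrs: Dict[str, List[str]] = {}
    for path in user.get("groups", []):
        attrs.update(index[path][1])
    attrs.update(user.get("attributes", {}))
    return attrs


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave"):
        print(name, sorted(effective_roles(REALM_EXPORT, name)), login_attributes(REALM_EXPORT, name))
```

Running it shows the point of the group/role split: `bob` never has `view-reports` assigned anywhere, yet holds it because `/managers` maps the composite `report-manager`; `carol` picks up both the manager permissions and the `requires_mfa` attribute purely by sitting in a subgroup. Reviewing effective roles this way (rather than the raw group list) is what an access review needs, since a single composite or parent group can silently widen what a user can do.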