# Keycloak

Keycloak is an open-source Identity and Access Management (IAM) solution that simplifies handling user authentication, authorization, and identity federation. By centralizing these processes, it helps maintain a secure environment without forcing you to reinvent the wheel. Whether you’re dealing with standard login flows, integrating social logins (e.g. Google, GitHub), or managing roles across large teams, Keycloak provides a flexible and scalable foundation.

---

## Key Features

- Single Sign-On (SSO): Enable users to access multiple applications and services with a single set of credentials, reducing login fatigue and improving the user experience.
- User Federation: Integrate your existing user stores—such as LDAP, Active Directory, or custom databases—without re-engineering your authentication layer.
- Role-Based Access Control (RBAC): Assign fine-grained roles and permissions to users or groups, making it easier to manage security policies at scale.
- Social Login & Identity Brokering: Offer seamless authentication through providers like Google, Facebook, or GitHub, saving time by not building these integrations yourself.
- Extensible & Customizable: Adjust Keycloak’s behavior using custom providers, themes, or authentication flows that match your project’s unique requirements.

---

## How Keycloak is integrated in the edpbuilder

A dedicated realm is used in Keycloak for the edpbuilder's stack. Currently Backstage and argo-workflows is configured to use Keycloak. Grafana and Forgejo are integrated next. Keycloak will be able, in a later step, to connect to the identity provider of an organisation (Azure AD DS for example).

---

## 🔗 References

- [Keycloak Documentation](https://www.keycloak.org/documentation)
- [Keycloak's Repository](https://github.com/keycloak/keycloak)