by ceeker 2255 days ago
Can someone confirm if this can be used in a multi-tenant SaaS app environment?

Customers want to have their own SSO setup or user roles, and instead of providing all those functionalities in the app, can we use Keycloak in front so that the customer can manage their own users/permissions via Keycloak?

So in essence:

Customer A: Has 5 users (login / password), 1 admin and 4 regular users -- admin can add or remove users

Customer B: Has an LDAP and would like to authenticate using it

4 comments

I was a heavy user of Keycloak until a year ago and I can only recommend your setup if you are sure that the number of realms is not growing. Every additional realm uses a huge amount of memory in Keycloak. From how I understood the architecture, a lot of components (if not all of them) are initialized per realm.

We had huge problems modeling multi-tenancy through realms in Keycloak.

Take everything I'm saying with a grain of salt. But, if you are planning to have a lot of customers and realms, do a benchmark by creating a lot of realms and checking if you can use all of them in parallel. YMMV.
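
One way to run the benchmark suggested in the comment above, as an added sketch that is not part of the thread or of Keycloak's own tooling: it creates one minimal realm per tenant through the Admin REST API (`POST /admin/realms`), then fetches every realm's OIDC discovery document in parallel and reports failures and the slowest call. The base URL, admin token, tenant names and worker count are placeholders, and server memory has to be watched separately on the Keycloak host.

```python
import json, time, urllib.request
from concurrent.futures import ThreadPoolExecutor

def http(method, url, token=None, body=None):
    """Minimal HTTP call; returns the status code (urllib raises on 4xx/5xx)."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status

def timed(call, *args):
    """Run one call; return (status, seconds), with status None on any error."""
    start = time.perf_counter()
    try:
        status = call(*args)
    except Exception:
        status = None
    return status, time.perf_counter() - start

def create_realms(base, token, names, call=http):
    """POST one minimal realm per tenant name; returns {name: (status, secs)}."""
    return {n: timed(call, "POST", f"{base}/admin/realms", token,
                     {"realm": n, "enabled": True}) for n in names}

def probe_realms(base, names, workers=16, call=http):
    """Fetch every realm's OIDC discovery document in parallel."""
    urls = [f"{base}/realms/{n}/.well-known/openid-configuration" for n in names]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda u: timed(call, "GET", u), urls))
    return dict(zip(names, results))

def summarize(results, ok=(200, 201)):
    """Count failed calls and report the slowest one."""
    failed = sorted(n for n, (s, _) in results.items() if s not in ok)
    slowest = max(results.items(), key=lambda kv: kv[1][1])
    return {"total": len(results), "failed": failed,
            "slowest": slowest[0], "slowest_secs": slowest[1][1]}

if __name__ == "__main__":
    BASE = "http://localhost:8080"      # placeholder; older releases add /auth
    TOKEN = "REPLACE_WITH_ADMIN_TOKEN"  # placeholder admin access token
    tenants = [f"bench-tenant-{i:04d}" for i in range(200)]  # constructed names
    print(summarize(create_realms(BASE, TOKEN, tenants)))
    print(summarize(probe_realms(BASE, tenants)))
```

Run it against a disposable test instance, since it leaves the created realms in place.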

Absolutely. You can set up multiple realms in Keycloak to isolate tenants from each other, and beyond the built-in admin UI you can access all of the configuration over a REST API to build your own admin tools if needed.

This should be possible, since everything you mention is a realm-specific setting (i.e. you create one realm per customer), including that a user can be admin in one realm only.

I'm saying "should be" because personally, I have only used single-realm setups in production so far.

Must say I'm a big fan of Keycloak.

Yeah, it's really easy. You can set up multiple realms and then have completely separate realm admin roles for each. Each realm admin will have their own admin console and login URL.