Keycloak
Open-source identity provider
Free, self-hosted, open-source IdP — full control with no license fee, and the ops that come with it.
At a glance
- Category
- Open-source identity provider
- Ownership
- Open source (sponsored by Red Hat / IBM)
- Founded
- 2014
- Deployment
- Self-hosted · Hybrid
- Pricing
- Free, open source (self-hosted); paid support via Red Hat
- Experience
- Developer-first
- Segments
- B2B SaaS · Public sector · Healthcare
Overview
Keycloak is a mature open-source identity and access management server supporting OIDC, SAML, SSO, and MFA. It is fully self-hosted and free to use, sponsored by Red Hat, and favored by teams that want control and no per-user licensing — at the cost of running it themselves.
Best for
Engineering teams that want a free, open-source, self-hosted IdP and can own the operational burden.
Consider alternatives if
You want a managed, zero-ops service or vendor SLAs and support without self-hosting (or buy the Red Hat build of Keycloak for support).
Capabilities
- SSO (SAML / OIDC) ✓
- SCIM provisioning —
- Multi-factor auth ✓
- Passwordless / passkeys —
- Social login —
- Self-hosted option ✓
Capability flags are directional, for shortlisting — verify against current vendor documentation before a decision.
Strengths
- Free and open source, with no per-user licensing
- Strong standards support (OIDC, SAML, SSO)
- Full control and customizability via self-hosting
- Large community and Red Hat backing
Considerations
- You operate, scale, and secure it yourself
- No SCIM out of the box (limited provisioning)
- Admin/UI and upgrades require engineering effort
- Support requires the Red Hat product or third parties
Related reading
This profile is editorial and independent. Keycloak's directory listing is free — no placement here is paid, and sponsorship never buys a better verdict. Our neutrality charter.
← All vendors