Home / Identity & SSO / Keycloak

Keycloak — open source alternative

Enterprise-grade identity and access management from Red Hat.

Strengths

  • SAML, OIDC, OAuth2, LDAP federation — the full kit.
  • Fine-grained RBAC, scopes and client management.
  • Backed by Red Hat with a mature release cadence.

Weaknesses

  • Admin console is complex — real operational learning curve.
  • Memory-hungry under load; not trivial to right-size.
  • Upgrades between major versions require careful migration.
License: Apache-2.0 Self-host difficulty: 4/5 Self-host only

Official site · Source on GitHub

Ad slot — OSS middle

Keycloak is used as an alternative to

Okta

Enterprise identity, SSO and MFA cloud.

See all alternatives →

More open source in this category

Discover other projects tagged Identity & SSO on the category page.

Other open source projects in Identity & SSO

Authentik

Modern identity provider with a polished admin UI.

License: MIT

Authelia

Single sign-on portal designed for reverse proxies.

License: Apache-2.0

Zitadel

Cloud-native identity platform built in Go with event sourcing.

License: Apache-2.0

Recommended reading

When self-hosting goes wrong: seven failure modes and how to avoid them

An honest retrospective on the ways self-hosted setups break — not in theory, but in practice — and the small habits that prevent most of them.

Will the open source project you depend on still exist in three years?

Bus factor, maintainer burnout, funding models, and the signals that separate OSS projects that survive from those that quietly decay.

From SaaS to self-hosted: a 30-day migration playbook

A week-by-week plan to move one service off SaaS and onto your own server without breaking your team's workflow.