Description
This top-level epic is about the planned work to deliver the first release of the Keycloak Organization feature.
Keycloak Organization is a feature that leverages and builds on top of the Identity and Access Management (IAM) capabilities of Keycloak to address Customer Identity and Access Management (CIAM) with a focus on Business-to-Business (B2B) use cases.
[Diagram: a Keycloak Realm linked to two organizations, Customer and Partner, each with its own End-Users]
In summary, this feature will allow a realm to integrate with third-party entities like customers and business partners so that their identities and how they access protected resources at the realm level are segregated and managed within the scope of the organization they belong to.
As a result, a realm will be able to provide a different onboarding experience for customer identities and for identities coming from a business partner, together with mechanisms to secure and manage how those identities interact with the realm and how they access the protected resources exposed by the realm's clients. Although not the main focus, the feature should also be usable when you simply want better segregation between users, clients, and how they are managed and authenticate to a realm, that is, some level of multi-tenancy.
The main set of capabilities provided by Keycloak Organizations are:
- Manage Organizations
- Manage Organization Members
  - Organization Member Self-Registration based on Identity Brokering
  - Organization Member Registration based on Invitation Links
  - Manage Invitations
- Manage Federated Organization Members
- Mapping organization metadata in tokens
- Manage Organization Roles
- Manage Organization Groups
- Manage Groups of Organizations
- Manage Authentication within the Scope of an Organization
  - Authentication based on the Organization Authentication Policies
- Manage Clients and Service Accounts
- Administrative Authorization
  - RBAC
  - Fine-Grained
- Organization-specific Admin and User Events
- Support for synchronizing identities from organizations using SCIM
- Organization Self-Service
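The "Mapping organization metadata in tokens" and "Manage Authentication within the Scope of an Organization" items imply a check that every resource server in the realm has to make: being authenticated at the realm level is not the same as belonging to the organization whose data is being requested. The following is an added example, not code from the Keycloak project, showing that check on an already verified and decoded access token. It assumes the token carries an `organization` claim produced by Keycloak's organization client scope; the exact claim shape is an assumption, so both a list of organization aliases and a mapping keyed by alias are handled. The aliases and audience (`customer-a`, `partner-b`, `orders-api`) are constructed sample values.

```python
"""Organization-scoped access check for a resource server.

Added example, not Keycloak project code. It assumes the access token has
already been signature-verified and decoded into a dict, and that it carries
an `organization` claim from Keycloak's organization client scope. The claim
shape is an assumption: it is accepted either as a list of organization
aliases or as a mapping keyed by alias.
"""


def organizations_in_token(claims: dict) -> set:
    """Return the set of organization aliases the token asserts membership of.

    An absent claim means the subject belongs to no organization and must be
    treated as such, not as a wildcard.
    """
    value = claims.get("organization")
    if value is None:
        return set()
    if isinstance(value, dict):
        return set(value.keys())
    if isinstance(value, (list, tuple)):
        return {str(v) for v in value}
    if isinstance(value, str):
        return {value}
    raise ValueError("unexpected organization claim type: %r" % type(value))


def authorize_org_request(claims: dict, requested_org: str, audience: str) -> bool:
    """Allow a request for a resource owned by `requested_org` only if the
    token was issued for this resource server (audience check) and the
    subject belongs to that organization.

    Realm-level authentication alone is not enough: a user from the Partner
    organization must not reach Customer data just because both organizations
    share the same realm.
    """
    aud = claims.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    if audience not in aud:
        return False
    return requested_org in organizations_in_token(claims)


# Constructed sample tokens (already verified and decoded), for illustration only.
CUSTOMER_TOKEN = {"sub": "u1", "aud": ["orders-api"], "organization": {"customer-a": {}}}
PARTNER_TOKEN = {"sub": "u2", "aud": "orders-api", "organization": ["partner-b"]}
NO_ORG_TOKEN = {"sub": "u3", "aud": ["orders-api"]}
WRONG_AUD_TOKEN = {"sub": "u4", "aud": ["billing-api"], "organization": ["customer-a"]}

if __name__ == "__main__":
    print(authorize_org_request(CUSTOMER_TOKEN, "customer-a", "orders-api"))   # True
    print(authorize_org_request(PARTNER_TOKEN, "customer-a", "orders-api"))    # False
    print(authorize_org_request(NO_ORG_TOKEN, "customer-a", "orders-api"))     # False
    print(authorize_org_request(WRONG_AUD_TOKEN, "customer-a", "orders-api"))  # False
```

The audience check comes first on purpose: a token minted for another client in the same realm may legitimately carry the right organization claim and still must not be accepted here. Signature and expiry validation are assumed to have happened before `authorize_org_request` is called.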
The planned release dates for Keycloak Organization are:

Release | Scope | State
---|---|---
25.0.0 | #28609 | Preview
26.0.0 | #30229 | Supported

For more details about the release dates, see https://github.com/keycloak/keycloak/milestones.
Motivation
Keycloak is a well-known open-source IAM solution, and we now want to leverage its capabilities to enable CIAM with a focus on B2B use cases.