Best practice: Should i extend keycloak user information management or is it better to have an extra application like account-system which is managing all user information data such as address?

I have a simple question: What is the best practice if i have user information data such as billingAddress, PhoneNumbers, UserApplicationSettings - should i extend keycloak and the user information management theme or should i simple setup an external Application (Frontend, Backend) which manages all these data?
So that keycloak is just responsible for authentication as well as authorization and the external Application for managing users data.

Does the new declarative user profile fit your use case here?

1 Like

IMO it depends on the size / maturity of your organization. You might already have policies in place regarding the protection of private personal information (PPI) and related controls. If those controls allow you to maintain such information in the Keycloak DB and that doesn’t create any problems or clunky procedures, just keep it on the Keycloak DB. However, at some future date you might want to change that.

Thanks a lot @kensei62. I’m pretty new to Keycloak - is it possible to define the database schema for the user table? Eig. I would like to be able to customize this schema without any problems. Also, we have different onboarding processes for users for our apps or for specific features. If I define this in Keycloak, I am very much coupled with Keycloak. Would it also be a solid solution to authorize the account backend with Keycloak and validate incoming user requests based on token level - authentication flow?

Unfortunately that’s beyond my level of expertise with Keycloak.