Hi, our small org (15 ppl) is looking for a self-hosted solution that works similarly to Cloudflare Access, which solves the problem we have decently well, but requires full control of our domain’s zone, which isn’t something we want to migrate out of AWS. Our goal is to secure our internal reporting web instance (with a lot of sensitive data) and eliminate our VPN.
We’re looking at alternative solutions like Pritunl Zero and Pomerium, and I had looked at Keycloak as an SSO provider to connect to our Active Directory (which we want to move to AWS Active Directory).
However, now I’m wondering if Keycloak really plays that role? Does it act as a standard SSO provider that Pritunl can talk to? Their docs only explain connecting to Okta, Azure AD, and a few others. Or, can Keycloak play the full role of a highly secure access proxy, including authentication?
Any advice here would be much appreciated.