General question about Keycloak

Configuring the server
1

Hi all.
i’m new and for know i don’t know much about Keycloak yet. I’m looking for some general information regarding Keycloak.
I’ll be pleased if you can help:

  1. as far as i know, KeyCloak Server can be installed on Windows hosted on a Kubernetes infra and needs Java. Am i correct ?
  2. i’ve seen that Keycloak can sent mail for email otp for instance, if a mail server is setup. As mail provider, i use Infobip, an external provider. The link woulbd be through API/API key. Would it be possible for Keycloak to have such a setup ?
  3. same question for SMS otp with Infobip.
  4. Regarding the features provided by Keycloak (MFA/Sms otp, MFA/email otp, keypass, SSO,…) and its governance: can the portfolio of features be granted centrally and partially delegated to some groups ?
    for instance: as central admin team, i decide that for my comany, 10 features can be used. BUT for EMEA region, only 5 can be activated by EMEA team, and for America’s region, only 3 features can be activated ?
  5. regarding the customization of the different page of the authentication steps (page for login/pwd, page for sms otp, page for email otp,…): Can my organization customize each of them.
    EMEA can customize its own pages
    Americas can customize its own pages

Thanks a lot !

2
  1. Correct
  2. Keycloak allows you to use SMTP to send email. Many providers (including Infobip) will let you connect this way Email: SMTP Specification
  3. There is no native SMS auth function in Keycloak. There are some extensions (e.g. GitHub - dasniko/keycloak-2fa-sms-authenticator: Keycloak Authentication Provider implementation to get a 2nd-factor authentication with a OTP/code/token send via SMS (through AWS SNS). Demo purposes only!) but you will have to write your own connection to Infobip’s SMS api.
  4. It depends on how you are separating groups. Per realm, then yes, but not by Keycloak groups.
  5. Login pages customization can be done on a per realm or client basis.