Is Keycloak the multi-tenant solution I am looking for?

I’m looking to offload the security of my apps.

It was recommended in this post on the Rust subreddit, and I wonder if Keycloak is what I am looking for.

My main use case is a SaaS/eCommerce app that has its own schema for users, where some users are staff and the others are shoppers.

My app provides a main Postgres DB, a schema per tenant, an auth_user table for staff, and a customers table for shoppers. Both have many more fields and things that are necessary, not just email/password.

I don’t need to give full flexibility to each tenant. Same config, same rules; I only need to keep staff and shoppers separated. Then regular login/logout/change password/recover password, and then profiles, which I could build myself.

Plus, I need to authenticate utilities that run in the background, but I think this is easy.

So:

  • It looks like I can use my own schema/tables per tenant using the User Storage SPI, but can I split the staff/shoppers?
  • Is it necessary to create new realms per tenant? Can I just have one and set the schema in Postgres from the SPI?
  • Do I need to run an app process per tenant? I have read that Keycloak is heavy on resources. I was looking into https://www.ory.sh for the stated low resources, but it looks like they are hostile to making it easy to work with multi-tenants.
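The first two questions (one realm, a per-tenant Postgres schema chosen inside the User Storage SPI, staff and shoppers kept apart) can be answered with a sketch. The following is an added example written for this page; it is not code from the post, from Keycloak, or from any Keycloak documentation. Everything not in the post is an assumption: the package and class names, the two component config keys `jdbcUrl` and `schema` (their `getConfigProperties()` declaration is omitted for brevity), the columns `id`, `email` and `password` in both tables, a password column holding PBKDF2-SHA256 in a `pbkdf2_sha256$<iterations>$<salt>$<base64 digest>` layout, Java 17 (records) and the PostgreSQL JDBC driver being on Keycloak's classpath. The provider is added once per tenant in the realm's User federation page, each instance pointing at that tenant's schema; lookups try `auth_user` first, then `customers`, and expose the result as a `user_type` attribute.

```java
package example.tenantstorage;   // assumed package; nothing here is Keycloak's own code

import java.nio.charset.StandardCharsets;
import java.security.*;
import java.sql.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.*;
import org.keycloak.models.*;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.storage.*;
import org.keycloak.storage.adapter.AbstractUserAdapter;
import org.keycloak.storage.user.UserLookupProvider;

public class TenantSchemaStorageProvider implements UserStorageProvider, UserLookupProvider, CredentialInputValidator {
    private static final Set<String> TABLES = Set.of("auth_user", "customers");
    private final KeycloakSession session;
    private final ComponentModel model;
    private final String jdbcUrl, schema;

    public TenantSchemaStorageProvider(KeycloakSession session, ComponentModel model) {
        this.session = session;
        this.model = model;
        this.jdbcUrl = model.get("jdbcUrl");   // assumed config keys, set per provider instance
        this.schema = model.get("schema");
        // Identifiers cannot be bound as JDBC parameters: whitelist the schema name, then quote it.
        if (schema == null || !schema.matches("[a-z_][a-z0-9_]{0,62}"))
            throw new IllegalArgumentException("invalid tenant schema name");
    }

    // externalId is "<table>:<id>" so a later lookup by Keycloak id knows which table to read.
    private record Row(String externalId, String email, String passwordHash, String type) {}

    // Exact match on one table; id is compared as text so integer and uuid keys both work.
    private Row find(String table, boolean byId, String value) {
        if (!TABLES.contains(table)) return null;
        String sql = "SELECT id, email, password FROM \"" + schema + "\".\"" + table + "\" WHERE "
                + (byId ? "CAST(id AS text) = ?" : "email = ?");
        try (Connection c = DriverManager.getConnection(jdbcUrl);
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, value);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return null;
                return new Row(table + ":" + rs.getString("id"), rs.getString("email"),
                        rs.getString("password"), table.equals("auth_user") ? "staff" : "shopper");
            }
        } catch (SQLException e) {
            throw new IllegalStateException("tenant lookup failed", e);
        }
    }

    private Row byKeycloakId(String id) { String[] e = StorageId.externalId(id).split(":", 2); return e.length == 2 ? find(e[0], true, e[1]) : null; }

    // Read-only adapter: Keycloak stores only a link to the row; user_type can feed a claim or role mapper.
    private UserModel adapt(RealmModel realm, Row row) {
        return new AbstractUserAdapter(session, realm, model) {
            @Override public String getId() { return StorageId.keycloakId(model, row.externalId()); }
            @Override public String getUsername() { return row.email(); }
            @Override public String getEmail() { return row.email(); }
            @Override public String getFirstAttribute(String name) {
                return "user_type".equals(name) ? row.type() : super.getFirstAttribute(name);
            }
        };
    }

    @Override public UserModel getUserById(RealmModel realm, String id) { Row r = byKeycloakId(id); return r == null ? null : adapt(realm, r); }
    @Override public UserModel getUserByUsername(RealmModel realm, String u) { return getUserByEmail(realm, u); }
    @Override public UserModel getUserByEmail(RealmModel realm, String email) {
        Row r = find("auth_user", false, email);             // staff first ...
        if (r == null) r = find("customers", false, email);  // ... then shoppers
        return r == null ? null : adapt(realm, r);
    }

    @Override public boolean supportsCredentialType(String t) { return PasswordCredentialModel.TYPE.equals(t); }
    @Override public boolean isConfiguredFor(RealmModel realm, UserModel u, String t) { return supportsCredentialType(t); }
    @Override public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
        if (!supportsCredentialType(input.getType())) return false;
        Row r = byKeycloakId(user.getId());
        return r != null && verifyPbkdf2(input.getChallengeResponse(), r.passwordHash());
    }

    // Assumed layout "pbkdf2_sha256$<iterations>$<salt>$<base64 digest>"; constant-time digest comparison.
    static boolean verifyPbkdf2(String password, String stored) {
        try {
            String[] p = stored.split("\\$");
            if (p.length != 4 || !p[0].equals("pbkdf2_sha256")) return false;
            byte[] expected = Base64.getDecoder().decode(p[3]);
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), p[2].getBytes(StandardCharsets.UTF_8),
                    Integer.parseInt(p[1]), expected.length * 8);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            return MessageDigest.isEqual(expected, actual);
        } catch (GeneralSecurityException | RuntimeException e) { return false; }
    }

    @Override public void close() {}

    // Listed in META-INF/services/org.keycloak.storage.UserStorageProviderFactory; one instance per tenant schema.
    public static class Factory implements UserStorageProviderFactory<TenantSchemaStorageProvider> {
        @Override public String getId() { return "tenant-schema-storage"; }
        @Override public TenantSchemaStorageProvider create(KeycloakSession s, ComponentModel m) { return new TenantSchemaStorageProvider(s, m); }
    }
}
```

Two caveats worth knowing before choosing one realm. Keycloak asks the realm's enabled storage providers in priority order and takes the first non-null answer, so with one provider instance per tenant a login name must be unique across every tenant schema, or the tenant has to be selected some other way (for example from the client in `session.getContext()`); that uniqueness problem is the usual reason people fall back to a realm per tenant. And because the schema name is interpolated into the SQL, the whitelist check in the constructor is load-bearing: keep it, and give the JDBC user SELECT-only rights on the tenant schemas so a bug in the provider cannot become a write path into the shop's data.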