What can be the maximum number of realms that can be created for a single Keycloak instance? Also, will there be any performance issues if the realm count rises above 1000+? If so, suggest any alternate solutions. I am using Keycloak version 11.
It depends on your setup, but people here have reported serious problems when using more than ~400 realms in one Keycloak instance.
We want to service a million users from thousands of companies.
Should we use a realm for each company, or should we isolate them in another way?
It depends. Do you need to connect an external identity broker or user federation source for each of those companies?
If so, my approach in the past has been a realm per company, each of which then brokers to a single realm that you use for authentication for your app. That gives you the flexibility to add new tenant/company clusters if you run up against scaling problems with a single Keycloak instance. The downside is that you need to build your own approach to get users to the right realm (I use a custom Authenticator for this).
If not, there may be a simpler way to architect it with a single realm, like using groups to identify company membership.
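The routing step mentioned in the post above (getting each user to the right company realm) can be sketched as follows. This is an added example, not code from the thread: instead of a custom Authenticator it does the routing in the application with Keycloak's `kc_idp_hint` parameter, and the hostname, realm name, client ID and tenant table are constructed assumptions.

```python
from urllib.parse import urlencode

# Constructed sample values (assumptions, not from the thread).
KEYCLOAK_BASE = "https://sso.example.com/auth"  # Keycloak 11 serves under /auth
APP_REALM = "app"                               # the single realm the app trusts
CLIENT_ID = "portal"
REDIRECT_URI = "https://portal.example.com/callback"

# Email domain -> alias of the identity provider in APP_REALM that brokers
# to that company's own realm.
TENANT_IDPS = {
    "acme.example": "acme-realm",
    "globex.example": "globex-realm",
}


def idp_alias_for(email):
    """Return the brokered IdP alias for an email address, or None if unknown."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None  # malformed input: no routing decision
    return TENANT_IDPS.get(domain.lower().rstrip("."))


def auth_params(email, state):
    """OIDC authorization parameters; known tenants are routed via kc_idp_hint."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # fixed value, never taken from user input
        "response_type": "code",
        "scope": "openid",
        "state": state,
    }
    alias = idp_alias_for(email)
    if alias is not None:
        # The hint only selects which broker to redirect to. Tenant membership
        # must still be derived from the token issued after login.
        params["kc_idp_hint"] = alias
        params["login_hint"] = email.strip()
    return params


def login_url(email, state):
    """Authorization endpoint URL for the shared application realm."""
    query = urlencode(auth_params(email, state))
    return f"{KEYCLOAK_BASE}/realms/{APP_REALM}/protocol/openid-connect/auth?{query}"
```

Unknown or malformed addresses get no hint and land on the application realm's own login page, so a typed-in domain can never select an identity provider outside the table.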
Brokering various realms to a single one also duplicates total session count and thus needs more resources.
Another thing is: Do you really want to put all your customers/tenants/etc. into one single Keycloak system (no matter if clustered or not) and thus have one giant single point of failure? If this one and only Keycloak isn’t working any more, none of your customers is able to auth and work with your applications.
Clustering just mitigates the risk, but it doesn’t eliminate it. Be aware of this!