What can be the maximum number of Realms that can be created for a single Keycloak Instance? Also, will there be any performance issues if the realm count rises above 1000+. If so suggest any alternate solutions. I am using Keycloak Version : 11
It depends on your setup, but people here have reported serious problems when using more than ~400 realms in one Keycloak instance.
1 Like
we want to service a million users from thousands of companies
should we use realm for each company or we should isolate them in another way?
It depends. Do you need to connect an external identity broker or user federation source for each of those companies?
If so, my approach in the past has been realm per company, that then broker to a single realm that you use for authentication for your app. That gives you the flexibility to add new tenant/company clusters if you run up against scaling problems with a single Keycloak instance. The downside is that you need to build your own approach to get users to the right realm (I use a custom Authenticator for this).
If not, there may be a simpler way to architect it with a single realm, like using groups to identify company membership.
Brokering various realm to a single one also duplicates total session count and thus needs more resources.
Another thing is: Do you really want to put all your customers/tenants/etc. into one single Keycloak system (no matter if clustered or not) and thus have one giant single point of failure? If this one and only Keycloak isn’t working any more, no one of your customers is able to auth and work with your applications.
Clustering just mitigates the risk, but it doesn’t eliminate it. Be aware of this!
@baensaf did you get any resolution for your usecase? We have similar usecase where we need to create millions of realms. To performance test, I am trying to create this using keycloak benchmark tool but its breaking after 1250 realms and not allowing me to create any. I dont want keycloak to cache anything as I am not loading admin UI (just want to setup data) but still keycloak fails from 1250 realms which is very minimal number. I tried commenting the realm caching code in benchmark tool but it didnt help. Any suggestions?
@stumkar, we have seen keycloak ui errors after 240 realms some of the UI will not load. Did you try to load any UI when you reach 1000 and over realms? or even keycloak operate. Not sure if anyone else have any success reaching high number of realms
So is keycloak not a good choice for millions of realm? Any suggestion how to do it.
I would like to invest in your business 
Most business have a couple of hundred clients, which can be handled with one realm or a couple of realms.
A use case we faced is where we want to offer our clients their own identity provider/s.
The standard clients go into the same realm and for the professional client get their dedicated realm.
You just need to get the automation right and it works very well.