Multi-Tenancy Web App with Keycloak

I wonder if using Keycloak for a multi-tenancy application is feasible. Is it easy to for example, configure a CMS so each tenant’s users gets their own personalized login theme?

Has anyone had experience with this before? Appreciate all answers.

Keycloak does not really support multi-tenancy.
There are different approaches, using different entities (groups, realms, etc.). The Keycloak project discussed this once somewhere in a GitHub discussion thread, to include something multit-tenancy support-like. But I don’t know about any status or timeline.

There’s the GitHub - p2-inc/keycloak-orgs: Single realm, multi-tenancy for SaaS apps extension, which can do a lot, but I don’t know about the theming thing, perhaps @xgp can tell you something about that.

See also my video about realms and multi-tenancy:

1 Like

I will for sure watch it! Thank you niko!

I’m using dasniko’s Option 2 (tenant realm) successfully with a customer. The downsides of the tenant realm approach listed in the video are acceptable because

  1. Identity providers are optional. Some tenants are offered a bring-your-own IdP but others don’t need it
  2. Clients vary. Though many tenants use the same clients, it wasn’t labor-intensive to create new clients for each realm
1 Like