Multi Tenancy With Multiple realm

Rasti · March 21, 2025, 1:41pm

Hello,

I have a multi tenancy with multiple realms setup in my keycloak and one frontend application, each realm has it’s own set of users etc. The question is how to determine which realm to redirect the user to from the FE app. I can think of two approaches

determine user realm in FE app by asking user to provide username/email then redirect
a custom flow to a main client in keycloak then redirect user to dist client but I run into client session issues when I redirect from one client to another

could I get some direction on which approach to go for and I would appreciate any recommendations for different approaches

dasniko · March 24, 2025, 1:19pm

If your “tenant realms” have users with a distinct email domain, you could make use of the new Organizations feature.
You would have one “app realm”, where all the tenant realms are configured as external IdP and also configured with an organization, which does automatic redirection upon entering the proper email-address.
This way, your client has only to be configured in and talk to one realm, but you can also keep the existing tenant realms.

You don’t want to do this, this is a man in the middle. You want to avoid by all means the contact between your client and users credentials.

Topic		Replies	Views
How to authenticate users from different realms against a single application? Securing applications authentication	1	5495	August 24, 2021
Multi-Tenancy - realm resolution based on username (email address) Configuring the server	9	16424	December 4, 2023
Multi Tenancy with multiple realms drawbacks Getting advice	0	907	February 19, 2021
Best practice for keycloak multi-tenancy Getting advice authentication	3	1220	March 10, 2022
Realms for tenants but with shared clients	0	482	October 22, 2021

Multi Tenancy With Multiple realm

Related topics