Hello,
I am reaching out because I am facing an issue while configuring external access to the Keycloak admin interface.
Our use case requires that external clients be able to access the Keycloak admin interface, while at the same time, we want to maintain security by keeping the admin URL private. Currently, we have set up a configuration with Nginx as a reverse proxy and are using HTTPS to ensure secure communication.
However, this configuration poses challenges for sending emails to external users, particularly for the password reset links generated by Keycloak. External users need to receive and follow these links, but the admin interface is currently configured as private.
We have considered several solutions, including the use of VPN, fine-grained permissions management in Keycloak, and limited exposure via a reverse proxy. However, we are not certain about the best approach to take and would appreciate your guidance on the recommended configuration for our specific use case.
Could you please provide us with recommendations or best practices for configuring external access while maintaining the security of the Keycloak admin interface?
We greatly appreciate your assistance and thank you in advance for your time and guidance.
Best regards,