Authentication
Keycloak Authentication
Keep supports Keycloak in a “managed” way where Keep auto-provisions all resources (realm, client, etc.). Keep can also work with externally managed Keycloak. To learn how, please contact the team on Slack.
This feature is a part of Keep Enterprise. Talk to us to get access: https://www.keephq.dev/meet-keep
Keep integrates with Keycloak to provide a powerful and flexible authentication system for multi-tenant applications, supporting Single Sign-On (SSO) and SAML.
When to Use
- On Prem: When deploying Keep on-premises and requiring a robust authentication system.
- OSS: If you prefer using open-source software for your authentication needs.
- Enterprise Protocols: When you need support for enterprise-level protocols like SAML and OpenID Connect.
- Fully Customized: When you need a highly customizable authentication solution.
- RBAC: When you require Role-Based Access Control for managing user permissions.
- User and Group Management: When you need advanced user and group management capabilities.
Setup Instructions
To start Keep with Keycloak authentication, set the following environment variables:
Frontend Environment Variables
Environment Variable | Description | Required | Default Value |
---|---|---|---|
AUTH_TYPE | Set to ‘KEYCLOAK’ for Keycloak authentication | Yes | - |
KEYCLOAK_ID | Your Keycloak client ID (e.g. keep) | Yes | - |
KEYCLOAK_ISSUER | Full URL to Your Keycloak issuer URL e.g. http://localhost:8181/auth/realms/keep | Yes | - |
KEYCLOAK_SECRET | Your Keycloak client secret | Yes | keep-keycloak-secret |
Backend Environment Variables
Environment Variable | Description | Required | Default Value |
---|---|---|---|
AUTH_TYPE | Set to ‘KEYCLOAK’ for Keycloak authentication | Yes | - |
KEYCLOAK_URL | Full URL to your Keycloak server | Yes | http://localhost:8181/auth/ |
KEYCLOAK_REALM | Your Keycloak realm | Yes | keep |
KEYCLOAK_CLIENT_ID | Your Keycloak client ID | Yes | keep |
KEYCLOAK_CLIENT_SECRET | Your Keycloak client secret | Yes | keep-keycloak-secret |
KEYCLOAK_ADMIN_USER | Admin username for Keycloak | Yes | keep_admin |
KEYCLOAK_ADMIN_PASSWORD | Admin password for Keycloak | Yes | keep_admin |
KEYCLOAK_AUDIENCE | Audience for Keycloak | Yes | realm-management |
Example configuration
To get a better understanding on how to use Keep together with Keycloak, you can:
- See Keycloak directory for configuration, realm.json, etc
- See Keep + Keycloak docker-compose example