English
Go to website
Back
Articles on:
Getting Started
How to setup Keycloak IAM on your website & apps.
Custom extensions (jar)
Keycloak is designed to cover most use-cases without requiring custom code, but we also want it to be customizable. To achieve this Keycloak has a number of Service Provider Interfaces (SPI) for which you can implement your own providers. Custom providers play a key role in Keycloak's architecture. For every major functionality, like the login flow, authentication, authorization, there's a corresponding Service Provider Interface. This approach allows us to plug custom implementations for a
Very popular
Custom Domains
Domain customization allows you to use your domain instead of redirecting your consumers to the Cloud-IAM domain. It will help you maintain consistency and give a frictionless experience to your consumers. In this article, we will assume that the domain my-custom.domain.tld will serve requests from the deployment deployment.cloud-iam.com. 
The whole authentication and registration experience along with the email sent can be customized in Keycloak through a custom extension. Examples are available on official keycloak source base or on our github. Getting started Let me help you step by step: 👥 First clone [this example repository](https://github.com/clou
Very popular
Environment variables
Cloud IAM dashboard and API can now be used to define environment variables that will be injected in your Keycloak deployment’s environment. Any uploaded custom Keycloak extensions can access these environment variables for configuration purposes. Every time environment variables are changed, Cloud-IAM will trigger a zero-downtime redeployment of the corresponding Keycloak cluster. . Logs access are the best way to understand what is going on with your deployment and how your custom extensions are doing. Keycloak real-time logs
Popular
Keycloak data export
Cloud-IAM has the ability to export the entire Keycloak database. This can be especially useful if you want to migrate your whole Keycloak database from one environment to another. Export is available through Cloud-IAM dashboard and Cloud-IAM API and return a single zip file. At Cloud-IAM we aim to always give our customers full control over their data. We will never be a company th
Popular
Migrate from self-hosted to Cloud-IAM
Cloud-IAM can provide a Keycloak custom extension for €2000 that seamlessly migrate — without down-time and user-impact — users between your self-hosted Keycloak setup and your Cloud-IAM Keycloak cluster.
Some readers
Activate Keycloak feature profiles
For reliability and maintainability reasons Cloud-IAM does give users access access to Keycloak JVM configuration. To activate feature profile in Keycloak and access preview features like user profile or token exchange please contact our support.
Some readers
Deployment configuration
Once deployed, your Keycloak deployment can be configured via the dashboard or through the API. Configure environment variables Add custom extensions (jar) Configure allowlists
Few readers
IPs allowlists
IPs allowlist for the login and admin urls of Keycloak deployments can be configured through the Cloud IAM dashboard and API. Cloud-IAM has two types of IPs alllowlist OpenID APIs endpoints: these urls are related with the end-user (Cloud-IAM customer's own customers) endpoints for login, sign up, forgot password and the underneath REST APIs required to get authenticated and generate JWT access tokens Keycloak REST Admin endpoints: these urls are related with the Keycloak administration con
Few readers
Use a reverse-proxy in front of a Cloud-IAM's Keycloak deployment
In some cases, the requirement to filter, redirect or customize some requests to Keycloak requires the customer to pass every requests through an active server (e.g. Nginx, Traefik, Envoy, Kong, Gravitee, ...) that acts as a reverse proxy. In this article, we will assume that the domain my-custom.domain.tld will serve requests from the deployment deployment.cloud-iam.com. Reverse proxy
Few readers
Use a CDN in front of a Cloud-IAM's Keycloak deployment
A CDN (like Cloudflare, AWS Cloudfront, ...) is a reverse proxy at scale with additional features such as intelligent filtering, caching, routing, ... This implies that the end-user requests are not directly routed to the Cloud-IAM cluster, but an additional server (company) interacts before proxying them to the cluster. In this article, we will assume that the domain my-custom.domain.tld will serve reque
Few readers