Keycloak Security Advisor

What is Keycloak Advisor?
Keycloak Advisor is a cloud-based security analysis tool built into the Cloud-IAM console.
It helps you assess the security configuration of your Keycloak deployment by generating an automated audit report, with clear and actionable recommendations.
Once the analysis is complete, a structured .pdf report is generated. This report may include, but is not limited to, the following sections:
- Disclaimer – Outlines the purpose, scope, and limitations of the automated audit.
- Explanations – Legend of icons and rule severities to help interpret results
- TL;DR – A concise summary of key findings and high-level recommendations
- Infrastructure – Overview of your Keycloak environment's infrastructure
- Server Information – Details on Keycloak version
- Realm: master – Security audit of the default master realm.
- Clients of realm master – Detailed analysis of critical clients like:
- Other Realm Analysis – Summary of findings for all additional realms in your deployment.
- Broken Rules Summary – List of failed or misconfigured rules grouped by severity.
- Conclusion – Final recommendations and guidance to improve your security posture.
This report helps teams quickly spot misconfigurations, improve compliance, and maintain high security standards without ever exposing user data.
How does Keycloak Advisor work?
Keycloak Advisor connects to your deployment only to collect configuration-related information. It does not access or process any user data, passwords, or sensitive content.
All collected data is:
- Processed in-memory only
- Never stored or written to disk
- Handled following strict security and privacy best practices
Once the scan is complete, a PDF audit report is generated, summarizing the results and offering security recommendations based on Keycloak best practices.
Why use Keycloak Advisor?
It's an efficient and secure way to maintain a high-security standard across your Keycloak deployment.
Using Keycloak Advisor allows you to:
- Perform a security audit of your Keycloak configuration
- Gain visibility into misconfigurations or weak settings
- Improve your compliance posture
- Receive best practice advice
How to generate a Keycloak Advisor report?
Follow these steps to generate your Keycloak Advisor report:
- Open Cloud-IAM console
- Select the Keycloak deployment you want to export.
- Click on Insights
- Select Advisor
- Then click on Run analysis
After 2–5 minutes, your audit will be ready. You'll be able to download a .pdf file containing the complete Keycloak Advisor report.

Preview status
Keycloak Advisor is currently in preview.
This means:
- Features may evolve or change
- You may experience minor issues or limitations
We're actively improving this tool. Your feedback is welcome and helps us shape its future.