
Keycloak Security Advisor

Cloud-IAM Console - Keycloak advisor feature

What is Keycloak Advisor?

Keycloak Advisor is a cloud-based security analysis tool built into the Cloud-IAM console.
It helps you assess the security configuration of your Keycloak deployment by generating an automated audit report, with clear and actionable recommendations.

Once the analysis is complete, a structured .pdf report is generated. This report may include, but is not limited to, the following sections:

  • Disclaimer – Outlines the purpose, scope, and limitations of the automated audit.
  • Explanations – Legend of icons and rule severities to help interpret results.
  • TL;DR – A concise summary of key findings and high-level recommendations.
  • Infrastructure – Overview of your Keycloak environment’s infrastructure.
  • Server Information – Details on the Keycloak version.
  • Realm: master – Security audit of the default master realm.
  • Clients of realm master – Detailed analysis of critical clients like:
  • Other Realm Analysis – Summary of findings for all additional realms in your deployment.
  • Broken Rules Summary – List of failed or misconfigured rules grouped by severity.
  • Conclusion – Final recommendations and guidance to improve your security posture.

This report helps teams quickly spot misconfigurations, improve compliance, and maintain high security standards without ever exposing user data.

How does Keycloak Advisor work?

Keycloak Advisor connects to your deployment only to collect configuration-related information. It does not access or process any user data, passwords, or sensitive content.

All collected data is:

  • Processed in-memory only
  • Never stored or written to disk
  • Handled following strict security and privacy best practices

Once the scan is complete, a PDF audit report is generated, summarizing the results and offering security recommendations based on Keycloak best practices.

Why use Keycloak Advisor?

It’s an efficient and secure way to maintain a high security standard across your Keycloak deployment.

Using Keycloak Advisor allows you to:

  • Perform a security audit of your Keycloak configuration
  • Gain visibility into misconfigurations or weak settings
  • Improve your compliance posture
  • Receive best practice advice

How to generate a Keycloak Advisor report?

Follow these easy steps to generate your Keycloak Advisor report:

  1. Open the Cloud-IAM console.
  2. Select the Keycloak deployment you want to export.
  3. Click on Insights.
  4. Select Advisor.
  5. Click on Run analysis.

After 2–5 minutes, your audit will be ready. You’ll be able to download a .pdf file containing the complete Keycloak Advisor report.

Cloud-IAM Console - Keycloak advisor Access

Preview status

Keycloak Advisor is currently in preview.

This means:

  • Features may evolve or change
  • You may experience minor issues or limitations

We’re actively improving this tool. Your feedback is welcome and helps us shape its future.