Logo
IDPTrust
idptrust.com
🇬🇧🇪🇸

Frequently asked questions about our Keycloak services

We integrate with your current provider/team — we don't replace them. Unique services built from enterprise experience with strict ISO/compliance.

Get started

Book a 30‑minute call with a Keycloak architect.

Define scope, timeline and risks. If needed, run a 1–2 week PoC.

SPI plugins: licensed & custom

Catalog: vendor‑agnostic MFA, context‑aware auth, audit reports.

Custom plugin development with long‑term maintenance.

Consulting and support

SLAs, patching, controlled upgrades.

Run on‑prem, in your cloud or hosted by us.

Advisory & architecture

HA, multi‑AZ/region, performance and security design.

Hands‑on training and knowledge transfer.

DRP: design & regular drills

RTO/RPO, verified backups and failover tests.

Living documentation and periodic audits.

What sets us apart

We work alongside your current provider/team.

Unique services born from enterprise experience with strict ISO/compliance.

Keycloak FAQ: consulting, plugins, maintenance & DRP

Do you work with our existing provider/team?
Yes — we integrate and complement and enhance their capabilities.; we don't replace.
What is vendor‑agnostic MFA?
A plugin enabling TOTP, WebAuthn, SMS/Email, push without locking into a single vendor.
What is context‑aware auth?
Risk‑based decisions using IP/Geo, device, time and reputation to step‑up, block or allow.
Do you offer 24/7 support?
Yes, patching and incident response support.
Can you run in our cloud?
Yes: AWS/Azure/GCP or on‑prem.
How do you handle upgrades?
Version planning, staging, regression tests, controlled windows and rollback.
Compliance readiness?
Traceability, logging, SoD and documentation aligned with ISO and internal policies.
What does DRP include?
RTO/RPO definition, continuity architecture and regular drills with reports.
Migrations from RH‑SSO or others?
Yes. Inventories, testing and assisted cut‑over.
Observability stack?
Metrics, traces and centralized logs; SLO‑based dashboards and alerts.
Hardening included?
Yes: TLS/HSTS, policies, brute‑force protection, key rotation, least privilege and secret vaults.
Start with an audit?
Yes. Initial assessment surfacing gaps and quick wins.
Typical timelines?
PoC 1–2 weeks; pilot 3–6; production 6–10 depending on scope/integrations.
Pricing & plugin licenses?
Annual licenses with support/roadmap. Custom development available.
Team training?
Yes. Hands‑on training, runbooks and checklists.
External IdPs support?
Yes: SAML/OIDC brokers and corporate directories.
Login performance tuning?
Yes. Cache, DB, flow and static optimization.
Secret management?
Vault/KMS with rotation and access control; no secrets in code.
Region failure?
Failover per RTO/RPO with documented drills and post‑mortems.
WebAuthn/Passkeys?
Yes. Supported via plugins and recommended configurations.
SIEM/SOAR integration?
Yes, we export events and alerts to your current stack.
Talk to an expert