IDPTrust
idptrust.com

Frequently asked questions about our Keycloak services

We integrate with your existing provider or team to extend capabilities: enterprise platform, specialized consulting, and version migration.

Get started

Book a 30-minute call with a Keycloak architect and receive a free initial assessment.

We define scope, timeline, and risks. If applicable, we run a focused PoC (1–2 weeks).

IDPTrust Platform

Three enterprise modules that extend Keycloak without modifying your instance: Context-Based Authentication (risk-based access control), User Management (advanced user operations), and Observability (persistent, exportable audit).

Subscription plans with support included. Ideal for instances with 500+ users.

Specialized consulting

Realm configuration and customization, advanced authentication flows with MFA, security audits, and migration/upgrade from legacy versions.

Flexible formats: hours package, fixed-scope project, monthly retainer, or one-time audit.

Keycloak Migration & Upgrade

Complete 5-phase migration: new Quarkus instance deployment, configuration and data migration, theme and email customization, exhaustive validation, and production cutover.

Includes 4-week post-migration support, technical documentation, and team training.

Managed operations & DRP

Ongoing maintenance of your instance: controlled upgrades, backups, observability, and incident response.

Disaster Recovery Plan (DRP) with regular drills and evidence reports.

What sets us apart

100% specialized in Keycloak. We don't do identity in general — we do Keycloak, done right.

Enterprise experience in EU/US with strict compliance (PCI-DSS, PSD2, ISO 27001).

Frequently asked questions

Do you work with our existing provider/team?
Yes. We integrate with your existing provider/team and extend capabilities without replacing them.
What is Context-Based Authentication?
A platform module that evaluates real-time signals (geolocation, IP, device, behavior) against a configurable risk matrix to decide whether to allow, require additional MFA, or block access.
What does the User Management module include?
Advanced user management: bulk CSV import/export, filters by attributes, roles, groups, sessions and credentials, bulk actions, automatic deactivation by inactivity, and historical change log.
What does the Observability module offer?
Persistent audit in a dedicated database, with human-readable descriptions, advanced search, and CSV/PDF export, ready for GDPR, SOC2, and ISO 27001.
What does the Compliance module offer?
It audits compliance with OAuth 2.1, FAPI 2.0, and SAML 2.0 security profiles in your Keycloak instance, with the ability to schedule periodic compliance reports.
Do you handle migrations from legacy Keycloak versions?
Yes. Complete 5-phase migration: new Quarkus instance, configuration and data migration, customization, exhaustive validation, and cutover with 4-week post-migration support.
Which versions can you migrate from?
Any version, including very old WildFly-based instances or unsupported databases. We migrate to the latest stable version on Quarkus with PostgreSQL.
Do you offer 24/7 support?
Yes, on premium plans with incident response, patching, and monitoring.
Can you operate in our infrastructure?
Yes: AWS, Azure, GCP, or on-prem.
Compliance readiness?
Yes. Traceability, logging, separation of duties, and documentation aligned with ISO, PCI-DSS, and internal policies.
Can we start with a security audit?
Yes. We review your instance, validate the configuration against best practices, and deliver a report with prioritized findings and a remediation plan.
What collaboration formats do you offer?
Hours package for specific queries, fixed-scope implementation projects, monthly retainer for ongoing support, or one-time audit and code review.
Do you include team training?
Yes. Hands-on training, full documentation, and knowledge transfer with runbooks.
Typical project timelines?
Audit: 1–2 weeks. Implementation project or migration: 4–6 weeks depending on scope. Retainer: ongoing.
How do platform licenses work?
Annual subscription per module with support included. No modifications to your Keycloak instance.
SIEM/SOAR integration?
Yes. The Observability module exports events that can be integrated with your current security stack.
Do you include instance hardening?
Yes: TLS/HSTS, security policies, brute-force protection, key rotation, and least privilege.
Do you support MFA with FIDO2?
Yes. Keycloak natively includes FIDO2 WebAuthn/Passkeys and OTP (TOTP/HOTP). We configure and optimize these flows in your instance, and our Context-Based Authentication module complements them by deciding when to require a second factor based on risk.