top of page
KEYCLOAK CONSULTING

Keycloak. Enterprise ready with Midships.

Standards first, no per seat licensing, no lock in, full source code. We close every gap that makes Keycloak production grade for a regulated environment, with zero downtime upgrades, enterprise high availability, API first journeys and Guardian operations, at a materially lower total cost of ownership.

0 production outages, ever

99.999% availability target

development ready in 2 sprints

API first

Why enterprises choose Keycloak

Open source economics, enterprise standards.

Standards first

OIDC, OAuth2, SAML, LDAP and AD federation, and WebAuthn, out of the box, with no proprietary extensions required.

Lower total cost of ownership

An open source core, with CPU based licensing on Red Hat Build of Keycloak, and none of the per identity or per session pricing that scales against you.

No lock in

Fully extensible and customisable, your team owns the platform, and our Accelerator includes the full source code by design.

Composable

Designed to work alongside external policy, fraud and analytics systems, including Ping Universal Services for enterprises that want the best of both.

What Midships adds to Keycloak

Out of the box leaves gaps that matter in a regulated environment. We fill all of them.

Zero downtime, always

Blue green and canary upgrades, HA clustering, and multi site DR with rehearsed failover and rollback.

Extended Authentication Flow API

Any Keycloak authentication flow exposed as a callable endpoint, enabling headless IAM for mobile and embedded apps. Proprietary to our Accelerator.

Modern authentication journeys

Passwordless and passkeys, silent device authentication, transaction signing, and risk based step up MFA, through our Authenticator Library.

Scale without limits

Elastic autoscaling on EKS, AKS, GKE and OpenShift, tuned for thousands of transactions per second and global workloads.

Everything as code

Git friendly realm, client and flow configuration, audit ready promotion pipelines, and HashiCorp Vault and Kubernetes secrets out of the box.

Guardian, 24x7 operations

SRE led, a 99.999 percent uptime target, zero downtime upgrades, and quarterly DR drills with auditor evidence packs.

Out of the box versus the Midships Accelerator

A development ready environment that mirrors production, in two sprints.

✗
✗
✗
✗
✗

Pre packaged identity journeys

Security hardening best practice

Autoscaling and HashiCorp Vault

Multi cluster, multi region, multi cloud

Extended Authentication Flow API

✓
✓
✓
✓
✓

weeks of manual work

2 sprints

Development ready environment

Out of the box 
Midships
Factor
Red Hat Build of Keycloak

For regulated enterprises we recommend Red Hat Build of Keycloak, which adds enterprise support, CVE remediation and a published lifecycle to the open source core, with certification on OpenShift and major Kubernetes platforms. Midships adds the delivery and operational expertise that makes it production grade. Over five years, enterprises typically save 30 to 60 percent in total identity platform cost when moving from per seat IAM licensing to Keycloak with Midships. Keycloak is in production today for multiple tier one banks in Asia Pacific.

Why Midships, and why Keycloak leads

Our customers are driving this. Regulated enterprises increasingly want standardisation, open standards and predictable cost for core identity, rather than per seat licensing they cannot forecast. The Red Hat Build of Keycloak Accelerator is our answer to that demand, and AI Led SDLC set up for Keycloak journeys is how we deliver it with discipline. This is not us moving away from a partner. It is us following the customer, and the customer is moving toward open standards. We govern what we operate.

Common Questions

Keycloak – FAQs

Is Keycloak enterprise ready?

Keycloak is standards first and fully owned, but out of the box it leaves gaps for a regulated environment. Midships closes them, giving a development ready environment that mirrors production in two sprints.

What does Midships add to Keycloak?

Zero downtime upgrades, our proprietary Extended Authentication Flow API, modern journeys such as passwordless, passkeys, silent device authentication and transaction signing, elastic scale, everything as code, and 24x7 Guardian operations.

How much can we save by moving to Keycloak?

Over five years, enterprises typically save 30 to 60 percent in total identity platform cost when moving from per seat IAM licensing to Keycloak with Midships.

Should we use Red Hat Build of Keycloak?

For regulated enterprises we recommend it, because it adds enterprise support, CVE remediation and a published lifecycle to the open source core. Midships adds the expertise that makes it production grade.

bottom of page