Keycloak. Enterprise ready with Midships.
Standards first, no per seat licensing, no lock in, full source code. We close every gap that makes Keycloak production grade for a regulated environment, with zero downtime upgrades, enterprise high availability, API first journeys and Guardian operations, at a materially lower total cost of ownership.
0 production outages, ever
99.999% availability target
development ready in 2 sprints
API first
Open source economics, enterprise standards.
Standards first
OIDC, OAuth2, SAML, LDAP and AD federation, and WebAuthn, out of the box, with no proprietary extensions required.
Lower total cost of ownership
An open source core, with CPU based licensing on Red Hat Build of Keycloak, and none of the per identity or per session pricing that scales against you.
No lock in
Fully extensible and customisable, your team owns the platform, and our Accelerator includes the full source code by design.
Composable
Designed to work alongside external policy, fraud and analytics systems, including Ping Universal Services for enterprises that want the best of both.
Out of the box leaves gaps that matter in a regulated environment. We fill all of them.
Zero downtime, always
Blue green and canary upgrades, HA clustering, and multi site DR with rehearsed failover and rollback.
Extended Authentication Flow API
Any Keycloak authentication flow exposed as a callable endpoint, enabling headless IAM for mobile and embedded apps. Proprietary to our Accelerator.
Modern authentication journeys
Passwordless and passkeys, silent device authentication, transaction signing, and risk based step up MFA, through our Authenticator Library.
Scale without limits
Elastic autoscaling on EKS, AKS, GKE and OpenShift, tuned for thousands of transactions per second and global workloads.
Everything as code
Git friendly realm, client and flow configuration, audit ready promotion pipelines, and HashiCorp Vault and Kubernetes secrets out of the box.
Guardian, 24x7 operations
SRE led, a 99.999 percent uptime target, zero downtime upgrades, and quarterly DR drills with auditor evidence packs.
A development ready environment that mirrors production, in two sprints.
Pre packaged identity journeys
Security hardening best practice
Autoscaling and HashiCorp Vault
Multi cluster, multi region, multi cloud
Extended Authentication Flow API
weeks of manual work
2 sprints
Development ready environment
For regulated enterprises we recommend Red Hat Build of Keycloak, which adds enterprise support, CVE remediation and a published lifecycle to the open source core, with certification on OpenShift and major Kubernetes platforms. Midships adds the delivery and operational expertise that makes it production grade. Over five years, enterprises typically save 30 to 60 percent in total identity platform cost when moving from per seat IAM licensing to Keycloak with Midships. Keycloak is in production today for multiple tier one banks in Asia Pacific.
Our customers are driving this. Regulated enterprises increasingly want standardisation, open standards and predictable cost for core identity, rather than per seat licensing they cannot forecast. The Red Hat Build of Keycloak Accelerator is our answer to that demand, and AI Led SDLC set up for Keycloak journeys is how we deliver it with discipline. This is not us moving away from a partner. It is us following the customer, and the customer is moving toward open standards. We govern what we operate.
Keycloak – FAQs
Is Keycloak enterprise ready?
Keycloak is standards first and fully owned, but out of the box it leaves gaps for a regulated environment. Midships closes them, giving a development ready environment that mirrors production in two sprints.
What does Midships add to Keycloak?
Zero downtime upgrades, our proprietary Extended Authentication Flow API, modern journeys such as passwordless, passkeys, silent device authentication and transaction signing, elastic scale, everything as code, and 24x7 Guardian operations.
How much can we save by moving to Keycloak?
Over five years, enterprises typically save 30 to 60 percent in total identity platform cost when moving from per seat IAM licensing to Keycloak with Midships.
Should we use Red Hat Build of Keycloak?
For regulated enterprises we recommend it, because it adds enterprise support, CVE remediation and a published lifecycle to the open source core. Midships adds the expertise that makes it production grade.