What is Keycloak and what are its top alternatives?
Top Alternatives to Keycloak
- Auth0
A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications. ...
- Okta
Connect all your apps in days, not months, with instant access to thousands of pre-built integrations - even add apps to the network yourself. Integrations are easy to set up, constantly monitored, proactively repaired and handle authentication and provisioning. ...
- FreeIPA
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers. ...
- Dex
Dex is a personal CRM that helps you build stronger relationships. Remember where you left off, keep in touch, and be more thoughtful -- all in one place. ...
- Vault
Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. ...
- JSON Web Token
JSON Web Token is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. ...
- Azure Active Directory
It is a comprehensive identity and access management solution that gives you a robust set of capabilities to manage users and groups. You can get the reliability and scalability you need with identity services that work with your on-premises, cloud, or hybrid environment. ...
- Amazon Cognito
You can create unique identities for your users through a number of public login providers (Amazon, Facebook, and Google) and also support unauthenticated guests. You can save app data locally on users’ devices allowing your applications to work even when the devices are offline. ...
Keycloak alternatives & related posts
Auth0
- JSON web token70
- Integration with 20+ Social Providers31
- SDKs20
- It's a universal solution20
- Amazing Documentation15
- Heroku Add-on11
- Enterprise support8
- Great Sample Repos7
- Extend platform with "rules"7
- Azure Add-on4
- Easy integration, non-intrusive identity provider3
- Passwordless3
- It can integrate seamlessly with firebase2
- Great documentation, samples, UX and Angular support2
- Polished2
- On-premise deployment2
- Will sign BAA for HIPAA-compliance1
- MFA1
- Active Directory support1
- Springboot1
- SOC21
- SAML Support1
- Great support1
- OpenID Connect (OIDC) Support1
- Pricing too high (Developer Pro)14
- Poor support7
- Rapidly changing API4
- Status page not reflect actual status4
related Auth0 posts
Hi Otensia! I'd definitely recommend using the skills you've already got and building with JavaScript is a smart way to go these days. Most platform services have JavaScript/Node SDKs or NPM packages, many serverless platforms support Node in case you need to write any backend logic, and JavaScript is incredibly popular - meaning it will be easy to hire for, should you ever need to.
My advice would be "don't reinvent the wheel". If you already have a skill set that will work well to solve the problem at hand, and you don't need it for any other projects, don't spend the time jumping into a new language. If you're looking for an excuse to learn something new, it would be better to invest that time in learning a new platform/tool that compliments your knowledge of JavaScript. For this project, I might recommend using Netlify, Vercel, or Google Firebase to quickly and easily deploy your web app. If you need to add user authentication, there are great examples out there for Firebase Authentication, Auth0, or even Magic (a newcomer on the Auth scene, but very user friendly). All of these services work very well with a JavaScript-based application.
Hey all, We're currently weighing up the pros & cons of using Firebase Authentication vs something more OTB like Auth0 or Okta to manage end-user access management for a consumer digital content product. From what I understand so far, Something like Firebase Auth would require more dev effort but is likely to cost less overall, whereas OTB, you have a UI-based console which makes config by non-technical business users easier to manage. Does anyone else have any intuitions or experiences they could share on this, please? Thank you!
- REST API14
- SAML9
- OIDC OpenID Connect5
- Protect B2E, B2B, B2C apps5
- User Provisioning5
- Easy LDAP integration5
- Universal Directory4
- Tons of Identity Management features4
- SSO, MFA for cloud, on-prem, custom apps4
- API Access Management - oAuth2 as a service4
- Easy Active Directory integration3
- SWA applications Integration2
- SOC21
- Test0
- Pricing is too high5
- Okta verify (Multi-factor Authentication)1
related Okta posts
Hey all, We're currently weighing up the pros & cons of using Firebase Authentication vs something more OTB like Auth0 or Okta to manage end-user access management for a consumer digital content product. From what I understand so far, Something like Firebase Auth would require more dev effort but is likely to cost less overall, whereas OTB, you have a UI-based console which makes config by non-technical business users easier to manage. Does anyone else have any intuitions or experiences they could share on this, please? Thank you!
If these three are your options, I would recommend going with Auth0. They have all functionality available as developer API (Okta e.g. not) so you can manage your instance with Infrastructure as code and can also easily add functionalities relatively easily with the API. They are also really powerful if we're talking about ABAC (Attribute based access control). You can also enrich your access token with custom claims from your MongoDB, that can be probably really useful, as you said that you're dealing with multi tenancy.
We're using Auth0 in combination with Fauna Fauna is a database, so it would challenge you're mongodb. But Faunadb is the first database that implemented a full end user ABAC system directly in the database. (And also a lot easier than the ABAC systems from Okta or Auth0). This helps us, to use Auth0 only as identity platform and doing all the authorization with enriched claims over Fauna. With that you can skip in a lot of the cases you're backend, and you can request directly from the frontend your database (Blazing fast). Also, you can replace in some years Auth0 a lot easier with some upcoming cheaper (Auth0 was bought by Okta for a hilarious price) and "easy to use" passwordless identity provider like Passage.id
FreeIPA
- Manages sudo command groups and sudo commands2
- Manages host and host groups1
related FreeIPA posts
related Dex posts
Vault
- Secure16
- Variety of Secret Backends12
- Very easy to set up and use11
- Dynamic secret generation8
- AuditLog5
- Leasing and Renewal3
- Privilege Access Management3
- Variety of Auth Backends2
- Easy to integrate with2
- Open Source2
- Consol integration2
- Handles secret sprawl2
- Multicloud1
related Vault posts
related JSON Web Token posts
Repost
Overview: To put it simply, we plan to use the MERN stack to build our web application. MongoDB will be used as our primary database. We will use ExpressJS alongside Node.js to set up our API endpoints. Additionally, we plan to use React to build our SPA on the client side and use Redis on the server side as our primary caching solution. Initially, while working on the project, we plan to deploy our server and client both on Heroku . However, Heroku is very limited and we will need the benefits of an Infrastructure as a Service so we will use Amazon EC2 to later deploy our final version of the application.
Serverside: nodemon will allow us to automatically restart a running instance of our node app when files changes take place. We decided to use MongoDB because it is a non relational database which uses the Document Object Model. This allows a lot of flexibility as compared to a RDMS like SQL which requires a very structural model of data that does not change too much. Another strength of MongoDB is its ease in scalability. We will use Mongoose along side MongoDB to model our application data. Additionally, we will host our MongoDB cluster remotely on MongoDB Atlas. Bcrypt will be used to encrypt user passwords that will be stored in the DB. This is to avoid the risks of storing plain text passwords. Moreover, we will use Cloudinary to store images uploaded by the user. We will also use the Twilio SendGrid API to enable automated emails sent by our application. To protect private API endpoints, we will use JSON Web Token and Passport. Also, PayPal will be used as a payment gateway to accept payments from users.
Client Side: As mentioned earlier, we will use React to build our SPA. React uses a virtual DOM which is very efficient in rendering a page. Also React will allow us to reuse components. Furthermore, it is very popular and there is a large community that uses React so it can be helpful if we run into issues. We also plan to make a cross platform mobile application later and using React will allow us to reuse a lot of our code with React Native. Redux will be used to manage state. Redux works great with React and will help us manage a global state in the app and avoid the complications of each component having its own state. Additionally, we will use Bootstrap components and custom CSS to style our app.
Other: Git will be used for version control. During the later stages of our project, we will use Google Analytics to collect useful data regarding user interactions. Moreover, Slack will be our primary communication tool. Also, we will use Visual Studio Code as our primary code editor because it is very light weight and has a wide variety of extensions that will boost productivity. Postman will be used to interact with and debug our API endpoints.
Overview: To put it simply, we plan to use the MERN stack to build our web application. MongoDB will be used as our primary database. We will use ExpressJS alongside Node.js to set up our API endpoints. Additionally, we plan to use React to build our SPA on the client side and use Redis on the server side as our primary caching solution. Initially, while working on the project, we plan to deploy our server and client both on Heroku. However, Heroku is very limited and we will need the benefits of an Infrastructure as a Service so we will use Amazon EC2 to later deploy our final version of the application.
Serverside: nodemon will allow us to automatically restart a running instance of our node app when files changes take place. We decided to use MongoDB because it is a non relational database which uses the Document Object Model. This allows a lot of flexibility as compared to a RDMS like SQL which requires a very structural model of data that does not change too much. Another strength of MongoDB is its ease in scalability. We will use Mongoose along side MongoDB to model our application data. Additionally, we will host our MongoDB cluster remotely on MongoDB Atlas. Bcrypt will be used to encrypt user passwords that will be stored in the DB. This is to avoid the risks of storing plain text passwords. Moreover, we will use Cloudinary to store images uploaded by the user. We will also use the Twilio SendGrid API to enable automated emails sent by our application. To protect private API endpoints, we will use JSON Web Token and Passport. Also, PayPal will be used as a payment gateway to accept payments from users.
Client Side: As mentioned earlier, we will use React to build our SPA. React uses a virtual DOM which is very efficient in rendering a page. Also React will allow us to reuse components. Furthermore, it is very popular and there is a large community that uses React so it can be helpful if we run into issues. We also plan to make a cross platform mobile application later and using React will allow us to reuse a lot of our code with React Native. Redux will be used to manage state. Redux works great with React and will help us manage a global state in the app and avoid the complications of each component having its own state. Additionally, we will use Bootstrap components and custom CSS to style our app.
Other: Git will be used for version control. During the later stages of our project, we will use Google Analytics to collect useful data regarding user interactions. Moreover, Slack will be our primary communication tool. Also, we will use Visual Studio Code as our primary code editor because it is very light weight and has a wide variety of extensions that will boost productivity. Postman will be used to interact with and debug our API endpoints.
- Backed by Microsoft Azure6
- Closed source3
related Azure Active Directory posts
Amazon Cognito
- Backed by Amazon14
- Manage Unique Identities7
- Work Offline4
- MFA3
- Store and Sync2
- Free for first 50000 users1
- It works1
- Integrate with Google, Amazon, Twitter, Facebook, SAML1
- SDKs and code samples1
- Massive Pain to get working4
- Documentation often out of date3
- Login-UI sparsely customizable (e.g. no translation)2
- Docs are vast but mostly useless1
- MFA: there is no "forget device" function1
- Difficult to customize (basic-pack is more than humble)1
- Lacks many basic features1
- There is no "Logout" method in the API1
- Different Language SDKs not compatible1
- No recovery codes for MFA1
- Hard to find expiration times for tokens/codes1
- Only paid support1
related Amazon Cognito posts
I'm starting a new React Native project and trying to decide on an auth provider. Currently looking at Auth0 and Amazon Cognito. It will need to play nice with a Django Rest Framework backend.