Keycloak Identity and Access Management as a Service

Perfectly configured and optimized Keycloak IAM, ready in seconds. Keycloak without the pain.

  • No vendor lock-in
  • Reliable & elastic
  • 99.95% SLA
  • Always up to date
  • Secure
  • GDPR Compliant
  • Fully customizable
  • 2FA & OTP
  • White-label
Cloud-IAM Keycloak as a Service
Keycloak in cluster

Fully Managed Keycloak

Cloud IAM automates every part of setup, running and scaling of Keycloak clusters. Available on all major cloud and application platforms all over the world. Let your team focus on what they do best - building your product. Leave server management and monitoring to the experts.


We are here

We provides complete Keycloak support, from emergency services through daily operational support, to strategic planning. We’re here for your identity ops.


Easy Monitoring

Our control panel offers various tools for monitoring and alarms. Now you can address performance issues promptly and automatically, before they impact your business. Cloud IAM make it easy to setup custom alarms via email, webhooks and external services.

Stay in control


IAM is a critical piece

An Identity and Access Management (IAM) service is the central piece of any Information System., it's critical, it must be Highly Available (HA) and scalable.

On-call IAM ops

On-call ops 24/7

Keycloak IAM is hard to secure, maintain, monitor, scale, upgrade and backup.
90% of companies don't have the internal resources to maintain and scale 24/7 their own IAM service.
We do.


Data & Sovereignty

IAM Cloud solutions are usually vendor-locked, closed-source and managed only from USA or China based Clouds. Cloud-IAM does not lock your data nor your software. Cloud-IAM is fully based on Keycloak open-source solution and support both European Cloud Providers and major USA Clouds.

Cloud-IAM's products

Keycloak consulting

Get the most out of your IAM with help from Cloud-IAM’s Keycloak experts.

Good feedback

Get support when and where you need it

You can rest easy with ongoing SLA-based operations and production management for Keycloak


Get end-to-end service

Our keycloak consultant can provide deployment, configuration, and management of Keycloak on-premises or on leading cloud platforms through Cloud-IAM.


We are here

Develop better Keycloak solutions faster by accessing our integrated teams of Keycloak, cloud, security experts, and technical consultants

Cloud-IAM's services

Simple, transparent pricing

How many total users?

The plan that best suits your needs is:

Plan name


Yearly price 10 % Discount





Get Started


Yearly price 10 % Discount





Get Started


Yearly price 10 % Discount





Get Started

Try it for free

Get Started

Cloud-IAM vs the alternatives

TL;DR: Pain, suffering, proprietary and vendor lock-in

Self-hosted Keycloak




Futur-proof and Choice reversibility
No Vendor Lock-in & Open-Source
green tick
green tick
Security & Patch Management
Infrastructure & security updates
Your ops job.
green tick
green tick
green tick
High Availability & SLA
Your ops job.
green tick
green tick
green tick
Infrastructure & Data sovereignty
Data stay in your region (e.g. Europe)
Your job.
Only on AWS or Azure.
‍Costs more
Only on AWS
green tick
Private Cloud outside of GAFAM
green tick
European Company
green tick
dedicated infrastructure
per deployments
green tick
green tick
GDPR compliant
Your job.
green tick
green tick
green tick
IAM Development Services
green tick
Dedicated day per month with
Cloud-IAM's Keycloak experts
green tick

Frequently Asked Questions

Can I trial Cloud-IAM before paying?

Sure! Create a free account right now. No credit-card required. When you are ready just come back here and subscribe.

What's a realm?

A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

What happens when I reach a plan limit?

Cloud-IAM plan's limits are soft limits. When one of your deployments reach its plan limits (e.g. maximum number of users), our team will be notified and will contact you to talk about what to do next : either remove users or realms or upgrade to a bigger subscription plan. We never stop our customer deployments without multiple prior notice.

What does "maximum users for all realms" means?

Users are entities that are able to log into your system. They can have attributes associated with themselves like email, username, address, phone number, and birth day. They can be assigned group membership and have specific roles assigned to them.
The maximum users for all realms is a plan limit that varies between subscription's plan. This figure the total user count in Keycloak deployments. It sums the number of active and inactive users managed in Keycloak in every realms.

How do I import my users?

Batch CSV import is available through support requests. For advanced use-case (e.g. custom authentication setup that you want to migrate to Keycloak) we advice our customer to implement and upload a custom extension (jar).

I already have a Keycloak how do I migrate to Cloud-IAM?

Cloud-IAM provides out-of-the box a Keycloak custom extension that seamlessly migrate — without down-time — users between two Keycloak setup.

Where can I deploy my Keycloak IAM?

Use Cloud-IAM to deploy your Keycloak clusters to one of these Cloud Providers: Google Cloud Platform (Americas, Europe, Asia Pacific), Amazon AWS (North and South America, Europe, Middle East, Africa, Asia Pacific), and Scaleway (Europe). 

What can I white label?

Everything! Subscribe to a dedicated plan (starting with Roaring Rabbit plan) to fully customize your Keycloak, domain name.

Do you support LDAP or Active Directory (AD)?

Yes we do support Active Directory (AD) and LDAP as user storage provider and you can also configure user federation through your Keycloak console.

Will I have to expose my LDAP or Active Directory ?

Yes just like with ADFS you will have to expose your LDAP / Active Directory over interne however we provide the IP list of your deployed Keycloak cluster nodes so you will be able to only authorize them to connect.
Custom plans also have a VPC peering option.

Where are my users stored?

For every dedicated hosting subscription, users are safely stored into highly available and continuously backed up PostgreSQL databases.

Are you GDPR compliant?

Yes, Cloud-IAM is fully GDPR compliant and can easily execute a data processor agreement with your company if needed.

Do you do OTP with SMS?

No we don't and you should not.

How email sending is handled?

Cloud-IAM customers can configure an SMTP server inside Keycloak administration console in order to send emails. It's completely self-service.

How to manage configuration between environments?

All tools that automates Keycloak configuration management between production and other environments (e.g. Staging) are available against Cloud-IAM deployments. We recommend the use of terraform.

How to be sure our custom extensions does not break Keycloak?

Once you upload or update an existing extension through our dashboard, it triggers a cluster upgrade.
It's your responsibility to first test (automatically or not) the custom extension on a non-production environment, you can create others Keycloak deployment from Cloud-IAM dashboard and API.

How much traffic can the service handle?

Cloud-IAM hosting scales automatically to handle millions of concurrent visits. All plans serve requests through premium network.

What about your availability and security?

Cloud-IAM is monitored 24/7. Answers to security questions are available on our security page. Our highly scalable infrastructure brings us 100% uptime since Cloud-IAM first steps back in 2018. Unbeaten. Our operation team breathe only to keep that way.

Can I cancel anytime?

Yes, your subscription can be canceled anytime. Please email us from your subscription email account at, we will assist you with the cancelation.

Will I be able to export my data?

For every dedicated hosting subscription, Cloud-IAM provide dumps of the dedicated PostgreSQL database that you can safely reimport into your own database. Account's password are of course hashed and will work on your own Keycloak setup. No vendor lock-in!

Do you expose Keycloak API?

Yes, no matter the plan get ouf of the box a full access to Keycloak REST API.

What's the size of your team?

Cloud-IAM is a team of more than 30 engineers dedicated to hosting, managing and tuning Keycloak Clusters and JVM based software. Every member of our team do consulting and training from simple authentication use-case to advanced authorizations setup.

Is your company viable?

Yes, Cloud-IAM launched in late 2018. We're profitable, privately owned, and in this for the long-haul. Since our first day we've helped thousands of developers deploy their Keycloak clusters. Rest assured it is not going anywhere. You can expect our products to be always on your side and help you along the way as you build and grow your business.

Yep. Authz is hard.

Our team specialized over the past years on IAM technologies and Keycloak.
We helped companies of various size setup and configure their IDM (Identity Management).
We trained various technical team to use Keycloak APIs and build secure services over it.
Need our help? We are one email away.

We've helped them.

Yum brand logoRegion bretagneOuest-France