Keycloak Identity and Access Management as a Service

Perfectly configured and optimized Keycloak IAM, ready in seconds. Keycloak without the pain.

  • No vendor lock-in
  • Reliable & elastic
  • 99.95% SLA
  • Always up to date
  • Secure
  • GDPR Compliant
  • Fully customizable
  • 2FA & OTP
  • White-label
Cloud-IAM Keycloak as a Service
Keycloak in cluster

Fully Managed Keycloak

Cloud IAM automates every part of setup, running and scaling of Keycloak clusters. Available on all major cloud and application platforms all over the world. Let your team focus on what they do best - building your product. Leave server management and monitoring to the experts.


We are here

We provides complete Keycloak support, from emergency services through daily operational support, to strategic planning. We’re here for your identity ops.


Easy Monitoring

Our control panel offers various tools for monitoring and alarms. Now you can address performance issues promptly and automatically, before they impact your business. Cloud IAM make it easy to setup custom alarms via email, webhooks and external services.

Stay in control


IAM is a critical piece

An Identity and Access Management (IAM) service is the central piece of any Information System., it's critical, it must be Highly Available (HA) and scalable.

On-call IAM ops

On-call ops 24/7

Keycloak IAM is hard to secure, maintain, monitor, scale, upgrade and backup.
90% of companies don't have the internal resources to maintain and scale 24/7 their own IAM service.
We do.


Data & Sovereignty

IAM Cloud solutions are usually vendor-locked, closed-source and managed only from USA or China based Clouds. Cloud-IAM does not lock your data nor your software. Cloud-IAM is fully based on Keycloak open-source solution and support both European Cloud Providers and major USA Clouds.

Cloud-IAM's products

Keycloak consulting

Get the most out of your IAM with help from Cloud-IAM’s Keycloak experts.

Good feedback

Get support when and where you need it

You can rest easy with ongoing SLA-based operations and production management for Keycloak


Get end-to-end service

Our keycloak consultant can provide deployment, configuration, and management of Keycloak on-premises or on leading cloud platforms through Cloud-IAM.


We are here

Develop better Keycloak solutions faster by accessing our integrated teams of Keycloak, cloud, security experts, and technical consultants

Cloud-IAM's services

Cloud-IAM vs the alternatives

TL;DR: Pain, suffering, proprietary and vendor lock-in

Self-hosted Keycloak




Futur-proof and Choice reversibility
No Vendor Lock-in & Open-Source
green tick
green tick
Security & Patch Management
Infrastructure & security updates
Your ops job.
green tick
green tick
green tick
High Availability & SLA
Your ops job.
green tick
green tick
green tick
Infrastructure & Data sovereignty
Data stay in your region (e.g. Europe)
Your job.
Only on AWS or Azure.
‍Costs more
Only on AWS
green tick
Private Cloud outside of GAFAM
green tick
European Company
green tick
dedicated infrastructure
per deployments
green tick
green tick
GDPR compliant
Your job.
green tick
green tick
green tick
IAM Development Services
green tick
Dedicated day per month with
Cloud-IAM's Keycloak experts
green tick

Our last news

Frequently asked questions

Answers to the burning questions in your mind.

Have a different question?
Contact us
Can I trial Cloud-IAM before paying?

Sure! Create a free account right now. No credit-card required. When you are ready just come back here and subscribe.

What's a realm?

A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

Where are my users stored?

For every dedicated hosting subscription, users are safely stored into highly available and continuously backed up PostgreSQL databases.

What happens when I reach a plan limit?

Cloud-IAM plan's limits are soft limits. When one of your deployments reach its plan limits (e.g. maximum number of users), our team will be notified and will contact you to talk about what to do next : either remove users or realms or upgrade to a bigger subscription plan. We never stop our customer deployments without multiple prior notice.

What does "maximum users for all realms" means?

Users are entities that are able to log into your system. They can have attributes associated with themselves like email, username, address, phone number, and birth day. They can be assigned group membership and have specific roles assigned to them.
The maximum users for all realms is a plan limit that varies between subscription's plan. This figure the total user count in Keycloak deployments. It sums the number of active and inactive users managed in Keycloak in every realms.

How do I import my users?

Batch CSV import is available through support requests. For advanced use-case (e.g. custom authentication setup that you want to migrate to Keycloak) we advice our customer to implement and upload a custom extension (jar).

Can I cancel anytime?

Yes, your subscription can be canceled anytime. Please contact us in your dashboard, we will assist you with the cancelation.

Will I be able to export my data?

For every dedicated hosting subscription, Cloud-IAM provide dumps of the dedicated PostgreSQL database that you can safely reimport into your own database. Account's password are of course hashed and will work on your own Keycloak setup. No vendor lock-in!

What can I white label?

Everything! Subscribe to a dedicated plan (starting with Roaring Rabbit plan) to fully customize your Keycloak, domain name.

Do you do OTP with SMS?

No we don't and you should not.

Are you GDPR compliant?

Yes, Cloud-IAM is fully GDPR compliant and can easily execute a data processor agreement with your company if needed.

How much traffic can the service handle?

Cloud-IAM hosting scales automatically to handle millions of concurrent visits. All plans serve requests through premium network.

How email sending is handled?

Cloud-IAM customers can configure an SMTP server inside Keycloak administration console in order to send emails. It's completely self-service.

Will I have to expose my LDAP or Active Directory ?

Yes just like with ADFS you will have to expose your LDAP / Active Directory over interne however we provide the IP list of your deployed Keycloak cluster nodes so you will be able to only authorize them to connect.
Custom plans also have a VPC peering option.

How to manage configuration between environments?

All tools that automates Keycloak configuration management between production and other environments (e.g. Staging) are available against Cloud-IAM deployments. We recommend the use of terraform.

How to be sure our custom extensions does not break Keycloak?

Once you upload or update an existing extension through our dashboard, it triggers a cluster upgrade.
It's your responsibility to first test (automatically or not) the custom extension on a non-production environment, you can create others Keycloak deployment from Cloud-IAM dashboard and API.

Yep. Authz is hard.

Our team specialized over the past years on IAM technologies and Keycloak.
We helped companies of various size setup and configure their IDM (Identity Management).
We trained various technical team to use Keycloak APIs and build secure services over it.
Need our help? We are one email away.

We've helped them.

Yum brand logoRegion bretagneOuest-France