Integrating identity providers

An Identity Broker is an intermediary service connecting service providers with identity providers. The identity broker creates a relationship with an external identity provider to use the provider’s identities to access the internal services the service provider exposes.

From a user perspective, identity brokers provide a user-centric, centralized way to manage identities for security domains and realms. You can link an account with one or more identities from identity providers or create an account based on the identity information from them.

An identity provider derives from a specific protocol used to authenticate and send authentication and authorization information to users. It can be:

  • A social provider such as Facebook, Google, or Twitter.

  • A business partner whose users need to access your services.

  • A cloud-based identity service you want to integrate.

Typically, Keycloak bases identity providers on the following protocols:

  • SAML v2.0

  • OpenID Connect v1.0

  • OAuth v2.0