A Keycloak Security Audit is a systematic security review of your Keycloak installation by loginfactor. All security-relevant configurations are checked: realm settings, client configurations, authentication flows, identity federation, roles and permissions, as well as operational aspects. You receive a documented report with all findings, risk assessment and prioritized recommendations – usable for internal documentation or external compliance audits.
Keycloak is powerful but complex – and misconfigurations often go unnoticed until it’s too late. An audit by loginfactor uncovers typical weaknesses: wildcard redirect URIs that enable phishing, missing PKCE for public clients, token lifetimes that are too long, disabled brute-force protection or forgotten admin accounts. Especially if your installation has grown, was taken over from a predecessor, or a compliance audit is upcoming, a security audit provides clarity.
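The configuration weaknesses listed above can be spotted in a realm export before an audit even starts. The following script is an added example, not loginfactor's tooling: it reads a Keycloak realm export JSON (the field names `bruteForceProtected`, `accessTokenLifespan`, `publicClient`, `redirectUris` and the `pkce.code.challenge.method` client attribute are the ones Keycloak writes) and reports the four checks from the paragraph; the 300-second token lifespan threshold and the sample realm are assumptions for the demonstration.

```python
import json

# Constructed sample realm export (not from the page), trimmed to the fields the checks use.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "demo",
    "bruteForceProtected": False,
    "accessTokenLifespan": 3600,
    "clients": [
        {"clientId": "spa", "publicClient": True,
         "redirectUris": ["https://app.example.com/*", "*"], "attributes": {}},
        {"clientId": "backend", "publicClient": False,
         "redirectUris": ["https://api.example.com/callback"],
         "attributes": {"pkce.code.challenge.method": "S256"}},
    ],
})

# Assumed audit threshold: Keycloak's default access token lifespan is 5 minutes.
MAX_ACCESS_TOKEN_LIFESPAN = 300


def audit_realm(export_json: str) -> list:
    """Return human-readable findings for the four configuration weaknesses named above."""
    realm = json.loads(export_json)
    findings = []
    # Brute-force detection is off by default in Keycloak and is often never switched on.
    if not realm.get("bruteForceProtected", False):
        findings.append("realm: brute-force protection disabled")
    lifespan = realm.get("accessTokenLifespan", 0)
    if lifespan > MAX_ACCESS_TOKEN_LIFESPAN:
        findings.append(f"realm: access token lifespan {lifespan}s exceeds {MAX_ACCESS_TOKEN_LIFESPAN}s")
    for client in realm.get("clients", []):
        cid = client.get("clientId", "<unnamed>")
        for uri in client.get("redirectUris", []):
            # A bare "*" accepts any redirect target; a trailing wildcard still widens the set
            # of URLs an authorization code can be delivered to beyond the intended callback.
            if "*" in uri:
                findings.append(f"client {cid}: wildcard redirect URI {uri!r}")
        # Public clients cannot keep a secret, so enforced PKCE (S256) is their
        # defence against authorization-code interception.
        pkce = client.get("attributes", {}).get("pkce.code.challenge.method")
        if client.get("publicClient", False) and pkce != "S256":
            findings.append(f"client {cid}: public client without enforced PKCE (S256)")
    return findings


if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM_EXPORT):
        print(finding)
```

A hardened realm (brute-force protection on, short token lifespan, exact redirect URIs, PKCE enforced on public clients) produces an empty findings list.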
loginfactor recommends: at least once a year, and additionally after major changes (new identity providers, major upgrades, architecture changes). For organizations with compliance requirements, a regular cadence makes sense – semi-annually or annually, depending on risk class. loginfactor offers audit agreements with predictable costs.
A Keycloak audit reviews configuration and best practices from the inside – with admin access and a documentation goal. A penetration test simulates attacks from the outside, without insider knowledge. Both complement each other: the audit systematically finds misconfigurations, the pentest shows what an attacker could actually exploit. loginfactor performs security audits; for pentests we recommend specialized partners.
loginfactor offers three audit formats: (1) One-off audit – a comprehensive baseline assessment with a detailed report, giving a snapshot of the current state. (2) Recurring audit – repeated review (semi-annually or annually) for continuous security and compliance. (3) Workshop format – joint analysis with your team including knowledge transfer, so you can review things yourself in the future.
Costs depend on scope and complexity: number of realms, connected identity providers, custom extensions and desired depth of analysis. A typical audit for a medium-sized installation is in the low four-digit range. After a free initial call, loginfactor provides an individual quote – non-binding and transparent.
After an initial call, we jointly define the working mode: remote analysis with read-only access to your admin console, a shared session via remote desktop, or a workshop on site or online. Depending on scope, the analysis itself takes a few days. You receive a documented report with all findings, risk assessment and prioritized recommendations. Optionally, we review the results together and plan the implementation.
Yes. The audit report from loginfactor documents the security status of your IAM infrastructure – exactly what auditors want to see. It shows identified risks, checks performed and recommended measures. Many customers use the report as evidence for their ISMS or as a basis for action plans in the context of certifications.
Yes. On request, loginfactor implements all audit recommendations: configuration changes, extension development, performance optimization, architecture adjustments or migration to managed hosting. This way, you get analysis and solution from a single source – without ramping up a new service provider.
Yes. In addition to audits and consulting, loginfactor also offers Managed Keycloak: cloud hosting in EU-based data centers (GDPR-compliant, no non-EU cloud provider) or on-premises support for your own infrastructure. The period right after an audit is often the ideal time to switch to managed hosting – the configuration has been reviewed, weaknesses are documented, and loginfactor already knows your environment.