All Keycloak extensions at a glance

Modules for Delegation, Security and Operations – Used Individually or Combined

Select the extensions that solve your requirements. Each module can be used independently and combined with others. We support you with selection, integration and operations – with optional managed service.
Multi-Tenant Delegation MFA License check API

Book a free
consultation call now

Online and fast

available time slots
Choose a time slot

Delegation & partner structures

Modules for B2B portals, enterprises and partner networks

Invitation Extension

Invite users before they have an account. Roles, tenants and validity period are defined with the invitation – onboarding runs automatically.

Invitations with role assignment and tenant context
Time-limited validity with reminders
API- and UI-based management

Tenant Extension

Multi-tenancy within a realm. Each tenant gets its own attributes, roles and contexts – ideal for SaaS, B2B and enterprise structures.

Flexible attribute templates per tenant
Context-based roles and permissions
Multi-tenant without separate realms

User Portal Extension

Self-service portal for delegated administrators. Partner admins manage their users, roles and settings in a dedicated interface.

User management in the tenant context
Role and group assignment via self-service
Audit logs for compliance

License Management Extension

Quotas and limits per tenant or user group. The extension checks licenses in the login flow and automatically blocks when limits are exceeded.

Seat-based, named user or company license
Automatic check during login
License info in the token for applications

Security & authentication

Flexible MFA configuration and SMS-based two-factor authentication

MFA Selection Extension

Users choose their preferred MFA method during login – TOTP, SMS or passkey.

Selection screen for registered MFA methods
Supports TOTP, passkeys and SMS

SMS Provider Extension

Connects existing SMS services to Keycloak. Central management of templates and failover gateways.

Integration of existing SMS gateways
Template management per language/tenant
Failover with multiple gateways

SMS MFA Extension

Two-factor authentication via SMS. The user receives a one-time password and enters it during login – without installing an app.

OTP via SMS with configurable validity
Customizable SMS texts and placeholders
Audit trail for compliance

Development & operations

Tools for rollouts, data quality and API documentation

Feature Toggle Extension

Feature flags in the token – enable or block functions without deployment.

Flags global, per tenant or per group
Can be combined with license management

Regex LDAP Mapper

Extracts structured attributes from complex LDAP fields using regular expressions.

Regex-based transformation
Automatic extraction during import/login

OpenAPI Extension

Generates OpenAPI specifications for your Keycloak extensions with an interactive UI.

Automatic API documentation
OpenAPI 3 compliant and exportable

Services around the extensions

Integration, testing and operations from a single source

We support you in selecting the right modules and take care of integration, testing and, optionally, operations.
Workshops for module selection and requirements analysis
Integration based on Keycloak best practices
Managed Keycloak with SLAs, monitoring and support

Custom extensions

When standard modules are not enough

Do your requirements go beyond our standard extensions? We develop custom solutions – additional authenticators, integrations or policies.
Custom providers and policies
Integration with your systems (ERP, CRM, etc.)
Handover and onboarding of your team

Which extensions fit your project?

Let’s choose the right modules together.

Frank Tripp Head of Identity & Access Management c.frank.tripp@loginfactor.com 05251 5449490
Frank Tripp