With Keycloak and loginfactor, new partners can be enabled from contract signature to first login in minutes instead of days. loginfactor provides partner templates (preconfigured tenant structures with roles, policies and permissions), automatic derivation of permissions from contract data and self-service registration for partner admins. Admin overhead is minimized: new partner organizations are provisioned automatically, including standard roles and SSO configuration. Optionally, onboarding can be automated via API or CSV import for bulk onboardings.
loginfactor offers the Delegated Administration Extension for Keycloak – a custom implementation that goes beyond the standard Keycloak Organizations feature. Partner admins manage their employees’ accounts independently via a self-service portal: create sub-accounts, assign roles, block or delete employees, send invitations. The extension supports tenants within the realm (multi-tenancy), hierarchical organizational structures, delegated role assignment and invitation workflows. This reduces support requests and gives enterprise customers full control over their internal access – without your IT team having to create every account manually.
Yes. loginfactor offers two extensions for contract-based access control: the contract management module ties access to terms of use, T&Cs and purchasing conditions. Before partners access a portal or an application, they (or a supervising admin in the tenant) must consent. Updates to documents trigger renewed consent requirements. The license extension checks whether a user has a specific license before access to an application is granted. It also supports concurrent-login limits (e.g., only 3 simultaneous logins per tenant). If a partner books a new module, access is enabled immediately. Upon cancellation or a contract pause, access is automatically blocked – without manual IT tickets.
Yes. Keycloak scales horizontally and grows from 10 to 1,000+ partners without additional effort. For B2B portals, loginfactor relies on multi-tenancy (isolated tenants within a realm), automated permissions via groups and roles, and self-service administration to reduce support load. For critical systems, we implement high-availability architectures with load balancing, redundant hardware clusters and session replication. In bring-your-own-cloud deployments, multi-AZ setups with geographic redundancy are possible on request. Keycloak can manage millions of users and thousands of partner companies – loginfactor provides monitoring, performance tuning and scaling strategies for growing partner ecosystems.
Yes. loginfactor migrates existing partner and user accounts from legacy portals to Keycloak: batch migration with password-hash compatibility (bcrypt, PBKDF2, SHA-256, etc.) or on-login migration (users are migrated automatically on first login). We plan attribute mapping, the transfer of organizational structures (tenants, roles, groups) and rollback strategies. Your partners keep their credentials and ideally don’t notice the system change. loginfactor performs migrations for B2B portals with SAP, Salesforce, Microsoft Dynamics and custom systems.
loginfactor offers Managed Keycloak with service level agreements (SLAs) starting at 99.9% availability, optionally up to 99.95%. Hosting can be in your cloud (AWS, Azure, Google Cloud), on-premises or as SaaS in EU-based data centers. Included: 24/7 monitoring, automatic backups (daily with point-in-time recovery), security updates, high-availability architecture (redundant hardware clusters, automatic failover) and optional 24/7 support. For critical B2B portals we use zero-downtime deployments, disaster recovery strategies and incident management with defined response times. For bring-your-own-cloud scenarios, we can implement multi-AZ deployments for geographic redundancy.
