Public-sector organizations process sensitive data: registry data, insurance data, health data. Non-EU cloud providers can be compelled to disclose data under their local laws. Keycloak is open source and can be operated entirely in EU-based data centers or on-premises – without dependency on non-EU providers. loginfactor hosts Keycloak either in EU-based data centers or in your own infrastructure. All data stays within the EU.
Yes. Keycloak is suitable for cross-organization authentication: federated identities across organizational boundaries, SSO between line-of-business systems of different organizations, SAML- and OpenID-Connect-based trust relationships. Typical scenarios: employees of one organization access systems of another organization, users sign in to multiple portals with one central account, consortia share a central Keycloak instance.
Keycloak provides comprehensive role management for the public sector: organization-based roles (departments, units, teams) and application-specific permissions. loginfactor implements differentiated access concepts: case workers see only their own cases, team leads have access to team cases, executives receive reporting access. Logins are recorded in an audit-proof manner for data protection officers and audits.
Yes. Keycloak is suitable for member, policyholder and citizen portals: secure registration with email verification, MFA for additional security, self-service for profile management and account functions. loginfactor implements portals with intuitive login flows and role-based permissions: users see only their own data, case workers have context-based access. User roles and attributes are kept up to date and transmitted to line-of-business systems on every login.
loginfactor hosts Keycloak either in EU-based data centers, in your own cloud or on-premises. All personal data remains within the EU. loginfactor implements data protection requirements: data minimization, role-based access control, self-service for citizens (profile management, account deletion), and audit-proof events.
Yes. Keycloak provides standardized, proven security – tested and continuously improved. Custom-built login systems are error-prone and require ongoing maintenance. With Keycloak, you get MFA, password policies and session management from a single source. And if additional line-of-business systems or portals are added later, SSO is already prepared.
Managed Keycloak means: Keycloak runs reliably without you having to take care of operations. loginfactor handles updates, security patches, monitoring and scaling. You have a point of contact who understands IAM – not just infrastructure. Your IT team can focus on core tasks. With self-hosting, you need in-house know-how for high availability, security hardening and performance optimization – and you must maintain that expertise long-term.
loginfactor specializes in identity & access management – not just infrastructure with Keycloak in the portfolio. loginfactor brings its own extensions (self-service, delegated administration) that are missing in standard Keycloak. Managed hosting exclusively in EU-based data centers, consulting for complex public-sector scenarios and support in English and German complete the offering.