Thanks for the videos. Appreciate your contribution towards Keycloak community.

Thanks for posting this! It gave me confidence that I chose the right approach for my use case! (1 realm per tenant) 😄👍

Great explanation ! Thanks you very much. Option 3 looks like an over-engineering , introducing additional complexities.

Thank you very much, coming across your videos helped me and keeps helping me to gain more profound knowledge on Keycloak!

New subscriber here. Thanks for the information, your a lifesaver

Hey, thank you very much for your explanation. Do you have some resource references for the "n Tenant Realms + 1 Application Realm" scenario? I can't find any example how to set this up.

I'm trying to implement this situation right now and it's really confusing to choose the best way, since I don't have previous experiences with keycloack and multi-tenant

Nice!

@dasniko Have you also videos about using Keycloak as a resource server?

Could you please share any design documents on the KeyCloack-multi-tenancy implementation?

Hello, I would like to assign the role "LDAP administrator of a realm" to a user who could administer the OU corresponding to the realm, so the user would be "base DN" in the LDAP settings and create the groups, roles and users with rights on this realm.

good job

2 users A and B under same profile and Role. How can I restrict records of A to B and Vise versa in keycloak Can you please let me know about this

Great video mate. I need 1 realm per tenant but saw several posts about performance issues with large numbers of realms. Will the new JPA storage solve that? We'll eventually have many thousands of realms with a small number of users each. Using Postgres as the db.

Thanks for the explanation. I just have one question when it comes to one realm and adding some custom SPI for organization/tenant feature. Is there any possibility to have a custom implementation for "access token life span" at tenant level? Currently, it can only be configured by realm and client level so I'm thinking about the use-case if client belongs to many tenants and they wanted to have different "access token lifespan". Thanks

Very nice Vidéo! Some points notice fo the next one: - include some graphs: Looking at one person just talking is fun (kind of?) but a good graph a is worth a thousant explanation - For the option 3, qhat if we're using one UserStorage SPI for every realms ? 😂😂😂😂

Thanks Niko, I have one question though in one of my requirements is that different tenants should have different databases as well (one of the arch decisions other than the option of having single database with tenant identifier , here realmId) , is that possible in Keycloak ?

Thanks Niko for the explanation, Iam choosing Option 2 , but I want to know if its possible to make cross realms login for users , ir order to access clients in different realms, thanks