Keycloak MCP Server

Manage Keycloak
just chatting with an AI Agent

We offer the Keycloak MCP server - a powerful new way to manage Keycloak using natural language through LLMs and AI agents.

Get Started
How Works

Get Started

Keycloak MCP Server

The Keycloak MCP server allow to use natural language through LLMs and AI agents to manage your Keycloak instance.
The Model Context Protocol (MCP), developed by Anthropic, is an open standard that enables large language models (LLMs) to interact with external tools, services, and resources in a consistent and secure way.
Users can govern and monitor their Keycloak instances, ensuring seamless execution of tasks

Keycloak MCP Server Explained

Keycloak MCP Server Use Cases

Users can govern and monitor their Keycloak instances, ensuring seamless execution of tasks. Here's a cool demo with ๐Ÿง  VS Code + Copilot (GPT-4o) showcasing several IAM use cases:

๐Ÿง‘โ€๐Ÿ’ป List all keycloak users in the current realm
๐Ÿง‘โ€๐Ÿ’ป Show all available keycloak roles
๐Ÿง‘โ€๐Ÿ’ป List all configured keycloak clients
๐Ÿง‘โ€๐Ÿ’ป Create a keycloak public client for my bank-portal with redirect uri
๐Ÿง‘โ€๐Ÿ’ป List available keycloak authentication flows
๐Ÿง‘โ€๐Ÿ’ป Get keycloak Browser flow and describe each authentication step


Here is just an overview since we support more than 40 tools/actions โ€” the sky is the limit!

Keycloak MCP Server Features

Here are some features of the MCP Server, and we are continuously evolving it.

Supported critical Tools

We allow management of users, clients, roles, groups, and more.

OAuth 2.0 Support

Supports OAuth 2.0 for Access Delegation and Coarse-Grained Authorization (CGA) protection.

Tools filtering

Allows initialization-time filtering to expose only the needed tools.

FGA Authorization

Integration with OpenFGA to enable fine-grained authorization capabilities and enhance security through Relationship-Based Access Control (ReBAC) policies.

Deploy the MCP Server in just a few easy steps.

The Keycloak MCP Server run as container to portability and scalability.

  • Step 1: Download

    Get an active subscripcion and dowload the docker image from private GitHub repo.

  • Step 2: Configure the platform

    Just configure the platform to your Keycloak deployment and the desired tools.

  • Step 3: Configure FGA if needed

    Configure OpenFGA to enable fine-grained authorization

  • Ready!

Keycloak MCP Server Secure Access

If you want to use the Keycloak MCP Server securely with our AI agent and platform, please check out the platform Agent AI Identity Access Plus.

Agentic AI Identity Access Plus Platform