Login & security
TLS enforcement, brute-force protection, browser security headers, remember-me. Open →
A user pool is a SavvyTechies-managed Keycloak realm: an isolated identity space with its own users, applications, login flow, and security policy. This section is a per-setting reference — what each setting does, the value we recommend, and the three ways to change it.
Login & security
TLS enforcement, brute-force protection, browser security headers, remember-me. Open →
Passwords & MFA
Password policy, OTP/TOTP, WebAuthn passkeys, step-up authentication. Open →
Tokens & sessions
Access-token lifespan, SSO idle/max timeouts, refresh-token rotation. Open →
Registration & email
Self-registration, email verification, forgot-password, login with email. Open →
Single sign-on (SSO)
External identity providers — Google, Entra ID, Okta, generic OIDC/SAML, LDAP. Open →
Applications (clients)
Register OIDC and SAML apps, redirect URIs, PKCE, flows, client secrets. Open →
Login branding
Colors, logo, corner style, and custom CSS across all login pages. Open →
Events & audit
User and admin event logging, retention, and where the data goes. Open →
Run the Keycloak Analyzer against a realm export to get an instant security & production-readiness score. It flags exactly the settings on these pages — weak password policy, brute-force off, wildcard redirects, long-lived tokens, missing audit logging — and nothing is stored.
New user pools ship secure: TLS required, brute-force protection on, a strong password policy, short access tokens with refresh-token rotation, PKCE required for public clients, email verification on, and audit logging enabled. Every page below tells you the default and how to change it.