[{"data":1,"prerenderedAt":717},["ShallowReactive",2],{"navigation":3,"/blog/hidden-costs-of-keycloak":110,"/blog/hidden-costs-of-keycloak-surround":712},[4],{"title":5,"path":6,"stem":7,"children":8,"page":109},"Blog","/blog","blog",[9,13,17,21,25,29,33,37,41,45,49,53,57,61,65,69,73,77,81,85,89,93,97,101,105],{"title":10,"path":11,"stem":12},"The difference between authentication and authorization","/blog/auth-vs-authz","blog/auth-vs-authz",{"title":14,"path":15,"stem":16},"Best of Breed vs. Monolithic Systems","/blog/best-of-breed-vs-monolithic-systems-finding-the-best-software-solution-philosophy","blog/best-of-breed-vs-monolithic-systems-finding-the-best-software-solution-philosophy",{"title":18,"path":19,"stem":20},"How Sports Organizations Use CIAM to Manage Digital Identity","/blog/ciam-sports-organizations","blog/ciam-sports-organizations",{"title":22,"path":23,"stem":24},"What Is Federated Identity and How Does It Work?","/blog/federated-identity-explained","blog/federated-identity-explained",{"title":26,"path":27,"stem":28},"Hidden Costs of Keycloak: What Your Team Needs to Budget For","/blog/hidden-costs-of-keycloak","blog/hidden-costs-of-keycloak",{"title":30,"path":31,"stem":32},"How companies increase digital sales with Unidy","/blog/how-companies-increase-digital-sales-with-unidy","blog/how-companies-increase-digital-sales-with-unidy",{"title":34,"path":35,"stem":36},"HSV.ID: How Hamburger SV Built 500,000+ Activatable Fan Profiles with Centralized Identity","/blog/hsv-fanprofile-unidy-success","blog/hsv-fanprofile-unidy-success",{"title":38,"path":39,"stem":40},"What Is Keycloak? Essential Guide to IAM and Single Sign-On","/blog/keycloak","blog/keycloak",{"title":42,"path":43,"stem":44},"The Essential Guide to Login Page Conversion Optimization","/blog/login-page-conversion-optimization","blog/login-page-conversion-optimization",{"title":46,"path":47,"stem":48},"Top Membership Management Software Solutions: 2026 Comparison Guide","/blog/membership-management-software","blog/membership-management-software",{"title":50,"path":51,"stem":52},"Newsletter Subscription Management Best Practices","/blog/newsletter-subscription-management","blog/newsletter-subscription-management",{"title":54,"path":55,"stem":56},"Passkey Authentication for Sports Clubs: 5 Steps to Get Started","/blog/passkey-authentication-sports-clubs","blog/passkey-authentication-sports-clubs",{"title":58,"path":59,"stem":60},"The rise of Passkeys as the next generation authentication method","/blog/passkeys-authentication","blog/passkeys-authentication",{"title":62,"path":63,"stem":64},"Passwordless Authentication Benefits: 7 Reasons to Make the Switch in 2026","/blog/passwordless-authentication-benefits","blog/passwordless-authentication-benefits",{"title":66,"path":67,"stem":68},"SAML vs. OIDC: What is the Best Approach for Your Business?","/blog/saml-vs-oidc","blog/saml-vs-oidc",{"title":70,"path":71,"stem":72},"SCIM: How Automated User Provisioning Transforms Customer Identity Management","/blog/scim-identity-management","blog/scim-identity-management",{"title":74,"path":75,"stem":76},"The Social Media Monetization Gap: Why Sports Clubs with Millions of Followers Own Almost No Fan Data","/blog/social-media-monetization-gap","blog/social-media-monetization-gap",{"title":78,"path":79,"stem":80},"The End of Third-Party Cookies","/blog/the-end-of-third-party-cookies","blog/the-end-of-third-party-cookies",{"title":82,"path":83,"stem":84},"Unidy and Data Talks Partner to Transform Zero-Party Data Management","/blog/unidy-data-talks-partnership-zero-party-data","blog/unidy-data-talks-partnership-zero-party-data",{"title":86,"path":87,"stem":88},"Proven User Onboarding Best Practices for Growth","/blog/user-onboarding-best-practices","blog/user-onboarding-best-practices",{"title":90,"path":91,"stem":92},"What is a Single-Sign-On and why is it important?","/blog/what-is-a-sso-and-why-is-it-important","blog/what-is-a-sso-and-why-is-it-important",{"title":94,"path":95,"stem":96},"What is a White Label Solution and why is it beneficial?","/blog/what-is-a-white-label-solution-and-why-is-it-beneficial","blog/what-is-a-white-label-solution-and-why-is-it-beneficial",{"title":98,"path":99,"stem":100},"What is our multibrand feature?","/blog/what-is-our-multibrand-feature","blog/what-is-our-multibrand-feature",{"title":102,"path":103,"stem":104},"Where we come from and where we want to go","/blog/where-we-come-from-and-where-we-want-to-go","blog/where-we-come-from-and-where-we-want-to-go",{"title":106,"path":107,"stem":108},"White-Label Identity Management: The Complete Guide","/blog/white-label-identity-management","blog/white-label-identity-management",false,{"id":111,"title":26,"authors":112,"badge":117,"body":119,"date":703,"description":129,"extension":704,"image":705,"meta":707,"navigation":708,"path":27,"seo":709,"stem":28,"tags":710,"__hash__":711},"posts_en/blog/hidden-costs-of-keycloak.md",[113],{"name":114,"avatar":115},"Unidy Team",{"src":116},"/images/blog/bm.png",{"label":118},"Technology",{"type":120,"value":121,"toc":657},"minimark",[122,126,130,133,138,141,144,179,182,186,194,197,217,220,224,227,232,235,238,242,249,252,256,259,262,266,274,278,286,290,293,296,300,303,306,310,318,322,325,329,332,336,339,348,352,360,364,372,376,379,383,386,390,398,402,405,409,412,416,419,423,426,429,449,452,456,459,556,559,563,566,570,573,577,585,589,592,596,599,603,606,618,626,632,636,640,643,647,650,654],[123,124,26],"h1",{"id":125},"hidden-costs-of-keycloak-what-your-team-needs-to-budget-for",[127,128,129],"p",{},"Keycloak's Apache 2.0 license costs exactly zero dollars, which makes it an attractive starting point for teams evaluating identity management options. That zero-dollar figure, however, represents only the software license—not the infrastructure, engineering time, security work, or compliance efforts required to run it reliably.",[127,131,132],{},"The gap between \"free to download\" and \"free to operate\" catches many organizations off guard, sometimes months into a deployment. This guide breaks down the actual cost categories your team will encounter, from cloud hosting and DevOps investment to security patching and integration development, so you can budget accurately before committing.",[134,135,137],"h2",{"id":136},"why-keycloaks-zero-dollar-license-comes-with-significant-costs","Why Keycloak's zero-dollar license comes with significant costs",[127,139,140],{},"Keycloak is open-source and free to license, yet its hidden costs stem from high operational expenditures that result in a high Total Cost of Ownership (TCO). The \"free\" label applies only to the software license—not to the servers, engineers, security work, and compliance efforts required to run it in production. Many teams discover this gap only after they've committed to a self-hosted deployment.",[127,142,143],{},"The cost categories that typically surprise organizations include:",[145,146,147,155,161,167,173],"ul",{},[148,149,150,154],"li",{},[151,152,153],"strong",{},"Infrastructure costs:"," Servers, databases, load balancers, and cloud resources",[148,156,157,160],{},[151,158,159],{},"Personnel costs:"," Engineering time for setup, maintenance, and around-the-clock support",[148,162,163,166],{},[151,164,165],{},"Security costs:"," Patching, vulnerability management, audits, and penetration testing",[148,168,169,172],{},[151,170,171],{},"Compliance costs:"," Documentation, certifications, and EU data residency requirements",[148,174,175,178],{},[151,176,177],{},"Integration costs:"," Connecting Keycloak to CRMs, CDPs, and marketing tools",[127,180,181],{},"Understanding each category upfront helps your team budget realistically rather than discovering shortfalls mid-project.",[134,183,185],{"id":184},"what-is-total-cost-of-ownership-for-keycloak","What is Total Cost of Ownership for Keycloak",[127,187,188,193],{},[189,190,192],"a",{"href":191},"https://www.unidy.io/blog/membership-management-software","Total Cost of Ownership"," (TCO) is a financial framework that captures all direct and indirect costs of deploying and operating software over its lifecycle. For self-hosted identity solutions like Keycloak, TCO extends far beyond the zero-dollar license to include everything from cloud bills to engineer salaries to security audits.",[127,195,196],{},"TCO for Keycloak breaks down into three layers:",[145,198,199,205,211],{},[148,200,201,204],{},[151,202,203],{},"Direct costs:"," Infrastructure hosting, database services, monitoring tools",[148,206,207,210],{},[151,208,209],{},"Indirect costs:"," Engineering salaries, opportunity cost of building versus buying",[148,212,213,216],{},[151,214,215],{},"Ongoing costs:"," Maintenance, upgrades, security patching, compliance efforts",[127,218,219],{},"When evaluating Keycloak pricing, the question isn't whether the software is free. It's whether your organization can absorb the operational investment required to run it reliably over time.",[134,221,223],{"id":222},"keycloak-hosting-and-infrastructure-costs-you-cannot-avoid","Keycloak hosting and infrastructure costs you cannot avoid",[127,225,226],{},"Self-hosting Keycloak means your organization pays for and manages all underlying infrastructure. These aren't one-time expenses—they're recurring monthly costs that scale with your user base and availability requirements.",[228,229,231],"h3",{"id":230},"cloud-compute-and-database-resources","Cloud compute and database resources",[127,233,234],{},"Running Keycloak in production requires virtual machines or containers, a persistent relational database like PostgreSQL or MySQL, and load balancers to distribute traffic. Even a modest deployment across development, staging, and production environments can generate substantial monthly cloud bills.",[127,236,237],{},"A basic AWS deployment with Aurora database, Application Load Balancer, and ECS containers might cost several hundred dollars monthly before accounting for high availability or geographic distribution.",[228,239,241],{"id":240},"high-availability-and-disaster-recovery","High availability and disaster recovery",[127,243,244,248],{},[189,245,247],{"href":246},"https://www.unidy.io/blog/auth-vs-authz","Authentication systems"," are critical infrastructure. When login fails, every connected application becomes inaccessible. Production-grade deployments therefore require redundant Keycloak instances across multiple availability zones, automated failover configurations, and database replication.",[127,250,251],{},"Keycloak uses Infinispan for distributed caching in clustered deployments, which adds configuration complexity and additional infrastructure requirements. Setting up multi-site or high-availability clusters increases both cost and operational burden significantly.",[228,253,255],{"id":254},"monitoring-and-observability-tools","Monitoring and observability tools",[127,257,258],{},"Logging aggregation, metrics dashboards, and alerting systems help detect issues before users report them. Tools like Prometheus and Grafana—or their cloud-native equivalents—add to infrastructure spend while requiring configuration and maintenance expertise.",[127,260,261],{},"Without proper observability, debugging authentication failures becomes guesswork, and outages extend longer than necessary.",[134,263,265],{"id":264},"devops-and-engineering-time-investment","DevOps and engineering time investment",[127,267,268,269,273],{},"Personnel costs are often the largest hidden cost category for self-hosted Keycloak. The platform requires specialized identity and DevOps expertise that many organizations underestimate—or simply don't have on staff, with ISC2 finding ",[189,270,272],{"href":271},"https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study","59% face critical cybersecurity skills shortages",".",[228,275,277],{"id":276},"initial-setup-and-configuration","Initial setup and configuration",[127,279,280,281,285],{},"Getting Keycloak production-ready involves realm configuration, ",[189,282,284],{"href":283},"https://www.unidy.io/blog/white-label-identity-management","theme customization to match your brand",", identity provider connections for social logins or enterprise directories, and authentication flow design. A basic deployment might take several weeks. Enterprise implementations with custom integrations often require several months of focused engineering effort.",[228,287,289],{"id":288},"ongoing-maintenance-and-version-upgrades","Ongoing maintenance and version upgrades",[127,291,292],{},"Keycloak releases frequent updates, and upgrading requires testing in staging environments, managing database migrations, and addressing breaking changes between major versions. Teams commonly report spending more than three hours weekly on production environment maintenance alone.",[127,294,295],{},"This ongoing commitment compounds over time. Each upgrade cycle demands attention, and falling behind on versions creates security risks while making future upgrades more difficult.",[228,297,299],{"id":298},"on-call-support-and-incident-response","On-call support and incident response",[127,301,302],{},"Authentication systems require around-the-clock availability, which means on-call rotations, debugging login failures at inconvenient hours, and responding to user-reported issues. Unlike commercial solutions, there's no vendor support to escalate to when problems arise.",[127,304,305],{},"For small teams, this operational burden can actually make Keycloak more expensive than commercial solutions when accounting for labor costs and engineer burnout.",[134,307,309],{"id":308},"security-patching-and-vulnerability-management-costs","Security patching and vulnerability management costs",[127,311,312,313,317],{},"Self-hosting shifts all security responsibility to your team. Authentication systems are high-value targets for attackers, with the average breach ",[189,314,316],{"href":315},"https://www.ibm.com/reports/data-breach","costing $4.44 million in 2025"," according to IBM, making security a critical and ongoing cost center rather than a one-time consideration.",[228,319,321],{"id":320},"tracking-cves-and-security-advisories","Tracking CVEs and security advisories",[127,323,324],{},"Your team will actively monitor Keycloak security announcements and Common Vulnerabilities and Exposures (CVE) databases. Assessing which vulnerabilities affect your specific deployment configuration requires security expertise and dedicated attention.",[228,326,328],{"id":327},"testing-and-deploying-patches","Testing and deploying patches",[127,330,331],{},"Applying security patches isn't as simple as clicking \"update.\" Each patch requires staging environment testing, regression testing of authentication flows, coordinated production rollouts, and rollback planning. Rushing patches risks breaking login functionality, while delaying them risks security breaches.",[228,333,335],{"id":334},"security-audits-and-penetration-testing","Security audits and penetration testing",[127,337,338],{},"Compliance requirements often mandate external security audits and penetration testing of authentication infrastructure. These expenses fall entirely on your organization, and they recur annually or with each significant system change.",[340,341,342],"blockquote",{},[127,343,344,347],{},[151,345,346],{},"Tip:"," When calculating security costs, include not just the audit fees but also the engineering time required to prepare documentation, respond to findings, and implement remediation.",[134,349,351],{"id":350},"integration-development-costs-for-saml-and-openid-connect","Integration development costs for SAML and OpenID Connect",[127,353,354,355,359],{},"Connecting Keycloak to your existing tech stack requires development work. While Keycloak supports ",[189,356,358],{"href":357},"https://www.unidy.io/blog/saml-vs-oidc","SAML and OpenID Connect"," (OIDC) standards, real-world integrations often demand custom development beyond basic protocol configuration.",[228,361,363],{"id":362},"connecting-keycloak-to-crms-cdps-and-marketing-tools","Connecting Keycloak to CRMs, CDPs, and marketing tools",[127,365,366,367,371],{},"Integrating with Customer Relationship Management (CRM) systems, Customer Data Platforms (CDP), and marketing automation tools typically requires custom development. Keycloak's out-of-box integrations are limited compared to ",[189,368,370],{"href":369},"https://www.unidy.io/solution","managed identity platforms"," that offer hundreds of pre-built connectors.",[228,373,375],{"id":374},"building-custom-protocol-adapters-and-webhooks","Building custom protocol adapters and webhooks",[127,377,378],{},"When standard SAML or OIDC configurations prove insufficient, teams build custom Service Provider Interfaces (SPIs), event listeners, or webhook implementations. This Java-based extension work requires specialized expertise that development teams may not have readily available.",[228,380,382],{"id":381},"maintaining-integrations-as-systems-change","Maintaining integrations as systems change",[127,384,385],{},"Integrations aren't one-time efforts. Third-party APIs change, connected systems update, and ongoing maintenance ensures data synchronization continues working. Each integration becomes a long-term maintenance commitment that adds to your operational load.",[134,387,389],{"id":388},"compliance-documentation-and-gdpr-audit-costs","Compliance documentation and GDPR audit costs",[127,391,392,393,397],{},"Self-hosting makes your organization the responsible party for compliance. With regulators issuing ",[189,394,396],{"href":395},"https://secureprivacy.ai/blog/cost-of-gdpr-compliance","over €6.2 billion in GDPR fines"," since 2018, there's no vendor to provide certifications or handle audit responses on your behalf—you answer every security questionnaire yourself.",[228,399,401],{"id":400},"preparing-for-soc-2-and-industry-certifications","Preparing for SOC 2 and industry certifications",[127,403,404],{},"Meeting SOC 2, ISO 27001, or industry-specific compliance standards requires documentation, evidence collection, and process implementation. Your authentication infrastructure becomes part of your audit scope, adding complexity to certification efforts.",[228,406,408],{"id":407},"meeting-eu-data-residency-requirements","Meeting EU data residency requirements",[127,410,411],{},"GDPR and data residency regulations may require specific Keycloak hosting configurations within the EU. This affects infrastructure choices and potentially limits cloud provider options, sometimes increasing costs compared to US-based hosting.",[228,413,415],{"id":414},"managing-vendor-risk-as-the-system-owner","Managing vendor risk as the system owner",[127,417,418],{},"When customers and partners send security questionnaires, you're the \"vendor of record\" for identity infrastructure. Responding to these assessments requires time and expertise, and any gaps reflect on your organization's security posture.",[134,420,422],{"id":421},"scalability-costs-as-your-user-base-grows","Scalability costs as your user base grows",[127,424,425],{},"Keycloak costs don't scale linearly with user growth. Expanding user bases require more powerful infrastructure, performance tuning expertise, and potentially architectural changes that compound operational complexity.",[127,427,428],{},"Scaling challenges include:",[145,430,431,437,443],{},[148,432,433,436],{},[151,434,435],{},"Infrastructure scaling:"," Larger instances, more replicas, upgraded database tiers",[148,438,439,442],{},[151,440,441],{},"Performance tuning:"," Query optimization, caching strategies, session management",[148,444,445,448],{},[151,446,447],{},"Architectural changes:"," Clustering configuration, geographic distribution, CDN integration",[127,450,451],{},"Teams often underestimate how quickly these demands grow and how much specialized expertise they require.",[134,453,455],{"id":454},"how-keycloak-pricing-compares-to-managed-identity-solutions","How Keycloak pricing compares to managed identity solutions",[127,457,458],{},"Comparing self-hosted Keycloak TCO against commercial alternatives requires examining the full cost picture, not just license fees.",[460,461,462,478],"table",{},[463,464,465],"thead",{},[466,467,468,472,475],"tr",{},[469,470,471],"th",{},"Factor",[469,473,474],{},"Self-Hosted Keycloak",[469,476,477],{},"Managed Identity Platform",[479,480,481,493,504,515,524,535,545],"tbody",{},[466,482,483,487,490],{},[484,485,486],"td",{},"License cost",[484,488,489],{},"None",[484,491,492],{},"Subscription fee",[466,494,495,498,501],{},[484,496,497],{},"Infrastructure",[484,499,500],{},"Your responsibility",[484,502,503],{},"Included",[466,505,506,509,512],{},[484,507,508],{},"Maintenance",[484,510,511],{},"Your team",[484,513,514],{},"Vendor managed",[466,516,517,520,522],{},[484,518,519],{},"Security patching",[484,521,511],{},[484,523,514],{},[466,525,526,529,532],{},[484,527,528],{},"Compliance certifications",[484,530,531],{},"You obtain",[484,533,534],{},"Often included",[466,536,537,540,542],{},[484,538,539],{},"Support SLA",[484,541,489],{},[484,543,544],{},"Contractual",[466,546,547,550,553],{},[484,548,549],{},"Pre-built integrations",[484,551,552],{},"Limited",[484,554,555],{},"Extensive",[127,557,558],{},"The comparison often favors managed solutions for organizations without dedicated identity engineering teams or for those prioritizing speed to market.",[134,560,562],{"id":561},"how-to-estimate-and-budget-keycloak-costs-for-your-organization","How to estimate and budget Keycloak costs for your organization",[127,564,565],{},"Before committing to self-hosted Keycloak, calculating expected TCO helps avoid surprises down the road.",[228,567,569],{"id":568},"_1-calculate-infrastructure-and-hosting-spend","1. Calculate infrastructure and hosting spend",[127,571,572],{},"Estimate cloud compute, database, storage, and networking costs based on expected user volume and availability requirements. Factor in Keycloak hosting across development, staging, and production environments.",[228,574,576],{"id":575},"_2-estimate-personnel-hours-and-salary-costs","2. Estimate personnel hours and salary costs",[127,578,579,580,584],{},"Calculate engineering time for initial implementation, ongoing maintenance hours per month, and on-call coverage. Include the ",[189,581,583],{"href":582},"https://www.unidy.io/blog/best-of-breed-vs-monolithic-systems-finding-the-best-software-solution-philosophy","opportunity cost of building versus buying"," and of engineers not working on core product features.",[228,586,588],{"id":587},"_3-add-security-and-compliance-overhead","3. Add security and compliance overhead",[127,590,591],{},"Budget for security tooling, external audits, penetration testing, and compliance documentation efforts. These costs are often forgotten until audit time arrives.",[228,593,595],{"id":594},"_4-include-integration-and-customization-investment","4. Include integration and customization investment",[127,597,598],{},"Account for development time connecting Keycloak to existing CRM, CDP, and marketing tools. Include ongoing maintenance for these integrations as connected systems evolve.",[134,600,602],{"id":601},"when-a-ready-to-go-identity-platform-delivers-lower-total-cost","When a ready-to-go identity platform delivers lower total cost",[127,604,605],{},"Managed identity solutions often provide better value for teams without dedicated identity engineers, organizations prioritizing speed to market, or companies requiring EU-hosted GDPR compliance out of the box.",[127,607,608,609,613,614,273],{},"Platforms with extensive ",[189,610,612],{"href":611},"https://www.unidy.io/integrations","pre-built integrations"," eliminate much of the custom development work that drives Keycloak's hidden costs. When identity infrastructure includes built-in consent management, data synchronization, and compliance features, the ",[189,615,617],{"href":616},"https://www.unidy.io/lp/contact","TCO comparison shifts significantly",[127,619,620,621,625],{},"For organizations seeking to unify login experiences while avoiding operational complexity, ready-to-go solutions that combine ",[189,622,624],{"href":623},"https://www.unidy.io/lp/sso","Single Sign-On (SSO)"," with extensive integrations and EU hosting can reduce both upfront investment and ongoing burden.",[127,627,628],{},[189,629,631],{"href":630},"https://www.unidy.io/blog/","Read more",[134,633,635],{"id":634},"faqs-about-keycloak-pricing-and-hidden-costs","FAQs about Keycloak pricing and hidden costs",[228,637,639],{"id":638},"is-keycloak-free-for-commercial-use","Is Keycloak free for commercial use?",[127,641,642],{},"Yes, Keycloak uses the Apache 2.0 license which permits commercial use without licensing fees. However, organizations separately budget for infrastructure, personnel, security, and compliance costs to operate it in production environments.",[228,644,646],{"id":645},"what-are-the-main-limitations-of-self-hosted-keycloak","What are the main limitations of self-hosted Keycloak?",[127,648,649],{},"Self-hosted Keycloak requires significant DevOps expertise, provides no built-in vendor support, and places full responsibility for security patching, upgrades, and compliance on your internal team. These operational demands often exceed initial expectations.",[228,651,653],{"id":652},"how-long-does-a-typical-keycloak-implementation-take","How long does a typical Keycloak implementation take?",[127,655,656],{},"A basic Keycloak deployment may take several weeks, while enterprise implementations with custom integrations, branding, and high-availability requirements often require several months of focused engineering effort.",{"title":658,"searchDepth":659,"depth":659,"links":660},"",2,[661,662,663,669,674,679,684,689,690,691,697,698],{"id":136,"depth":659,"text":137},{"id":184,"depth":659,"text":185},{"id":222,"depth":659,"text":223,"children":664},[665,667,668],{"id":230,"depth":666,"text":231},3,{"id":240,"depth":666,"text":241},{"id":254,"depth":666,"text":255},{"id":264,"depth":659,"text":265,"children":670},[671,672,673],{"id":276,"depth":666,"text":277},{"id":288,"depth":666,"text":289},{"id":298,"depth":666,"text":299},{"id":308,"depth":659,"text":309,"children":675},[676,677,678],{"id":320,"depth":666,"text":321},{"id":327,"depth":666,"text":328},{"id":334,"depth":666,"text":335},{"id":350,"depth":659,"text":351,"children":680},[681,682,683],{"id":362,"depth":666,"text":363},{"id":374,"depth":666,"text":375},{"id":381,"depth":666,"text":382},{"id":388,"depth":659,"text":389,"children":685},[686,687,688],{"id":400,"depth":666,"text":401},{"id":407,"depth":666,"text":408},{"id":414,"depth":666,"text":415},{"id":421,"depth":659,"text":422},{"id":454,"depth":659,"text":455},{"id":561,"depth":659,"text":562,"children":692},[693,694,695,696],{"id":568,"depth":666,"text":569},{"id":575,"depth":666,"text":576},{"id":587,"depth":666,"text":588},{"id":594,"depth":666,"text":595},{"id":601,"depth":659,"text":602},{"id":634,"depth":659,"text":635,"children":699},[700,701,702],{"id":638,"depth":666,"text":639},{"id":645,"depth":666,"text":646},{"id":652,"depth":666,"text":653},"2026-04-22T00:00:00.000Z","md",{"src":706},"/images/blog/hidden-costs-of-keycloak.png",{},true,{"title":26,"description":129},"Keycloak, Identity Management, Total Cost of Ownership","y9EDNKsgvnmTa_dc5cxOQ1J2gIP1njXa4snK76LyG0I",[713,715],{"title":22,"path":23,"stem":24,"description":714,"children":-1},"Federated identity is a system that links a user's digital identity across multiple separate organizations, allowing them to log in once and access various applications without re-authenticating at each one. When you click \"Sign in with Google\" on a third-party website, you're using federated identity—Google confirms who you are so the other site doesn't have to manage your credentials.",{"title":30,"path":31,"stem":32,"description":716,"children":-1},"Collect - Increasing number of user profiles / Connect - Increase data fields and opt-ins per user / Convert - Increase revenue per user",1776938096775]