Keycloak: for easy, secure and flexible user management

Why develop an identity and access management tool yourself, when a perfectly good solution is already available? In this blog we discuss what makes Keycloak such an attractive open-source tool and how it works with Glowing Bear and cBioPortal.

One major advantage of Keycloak that a range of options are available out of the box. The console is designed in such a way that server admins get a good overview of the available options and customization of user profiles and access is quick and simple. They don’t need programming skills to be able to work with Keycloak, just a basic understanding of how to manage access and authorization for users with varying levels of rights and restrictions.


Another advantage is that Keycloak can be integrated with existing user systems without the need for migrating these data. For example, Keycloak can connect with a LDAP server to use existing account and password information for employees or medical staff. The tool also can be configured in such a way that it allows users to log in with their Google account or social media profiles.

A wide range of programmes and systems can be integrated with Keycloak. In a hospital or research facility it could work with the tranSMART data warehouse, the Glowing Bear user interface, and the cBioPortal tool for Cancer Genomics visualization and analysis, and other existing systems.

Single sign-on

Any organisation wants to avoid the situation where users to log onto each system separately with different login names and often using the same password for these accounts. Keycloak therefore supports single sign-on: users log in with a single ID and password and gain access to all connected systems.


Other Keycloak features include the option of 2-factor authentication where the user needs to provide a password and a code sent via SMS or to an app installed on a smartphone (for example freeOTP and Google authenticator). The login page, where users need to enter their name and password, can be customized with a photo or the company logo. Of course, the admins can specify password requirements, such as minimum length, number of capitals, digits and special characters and if the password should expire.

Last but not least, Keycloak meets a range of security standards. This helps health care institutions to comply with set standards.

Configuration of groups

Creating new users and defining different user groups within Keycloak is a pretty straightforward process. How to configure user groups and define permissions for Glowing Bear, the user interface for the tranSMART 17.1 data warehouse, is described here.

A guideline for Keycloak authentication and authorization in cBioPortal can be found here.

Do you want to know if your organisation might benefit from Keycloak? Please contact The Hyve’s for advice. We also provide training to server admins on how to set up Keycloak.

Written by

Elisa Cirillo