Introduction
Welcome to Phase Two. We have built a toolkit for some of the most common features and pain points you will encounter when building your SaaS application. Initially, we have focused on authentication and authorization use cases. Our goal is to build secure and easy-to-use tools that will accelerate your time to market and adoption by enterprise customers.
Phase Two is unique in that it allows you to build against a common set of tools, libraries and APIs whether you are using our hosted version for a public cloud product, hosting it yourself, or deploying to a customer site.
We are constantly looking for ways to improve our documentation, APIs and developer experience. If you have suggestions or requests, please don't hesitate to contact us. If you prefer a more hands-on approach, you can submit a pull request in our GitHub documentation repository.
Common Scenarios
These are some of the most common implementation paths teams look for when getting started.
If you want organization administrators to configure their own SAML or OIDC identity provider, associate verified domains, and automatically redirect users to the correct login experience:
- Start with Organizations
- Let organization admins self-manage setup with the IdP Wizard
- Associate providers and verified domains in Organization Identity Providers
- Configure login routing with Automatic IdP Redirection
- See the end-user flow in Enterprise SSO
If you are connecting a SAML identity provider or service provider and need users to land with the correct attributes and claims after login:
- Understand the federation model in Keycloak as an Identity Provider Broker
- Review the SAML request, response, and assertion model in SAML, Simplified
- Expose the right claims to applications with Token Mappers
Authentication Flows
These are the main guides most teams reach for when designing a login experience.
- Start with Authentication for the overview of the available login methods
- Learn how flow configuration works in Understanding Flows
- Add authenticator-app based MFA with One-Time Passwords
- Set up modern device-based authentication with Passkeys
- Set up passkeys, security keys, or passwordless login with WebAuthn
- Implement email-first or passwordless sign-in with Magic Links
- Combine multiple factors and conditions in Complex Flows
Keycloak
Phase Two is based on the Keycloak Open Source Identity and Access Management system, built and maintained by Red Hat.
Open Source
The core extensions to Keycloak that Phase Two is built on will always be open source so that you can migrate to your own Keycloak deployment. Below is a list of the relevant extensions and their current status.
Additional Documentation
In addition to the guides here and in the API documentation, users are encouraged to use the Keycloak documentation to learn about Keycloak's capabilities, server administration techniques, and guides for securing applications.