Seamless Integration with LDAP & Active Directory

Federate user accounts, roles, and attributes from your enterprise directory—while keeping them in sync with Keymate and Keycloak.

Enterprise Federation and Real-Time Sync with LDAP/AD

Why It Matters

LDAP and Active Directory remain foundational systems in enterprise environments. Many organizations rely on them for:

Centralized identity storage
Authentication and group management
Organizational unit hierarchies

Keymate enables seamless LDAP/AD integration with:

Real-time sync via the LDAP Federation Extension
Attribute mapping to enrich user profiles and tokens
Read-only or read-write federation modes
Organization-aware login and role assignment
Policy-ready user attributes

Bridge Your Directory and Modern IAM

Use Cases:

Federate legacy users without migration
Enforce scoped authorization based on AD groups
Auto-populate organizational roles from the OU tree
Sync title and department for token enrichment

How It Works:

Keymate connects to LDAP or AD via a custom SPI
Users are federated dynamically at login or in batch
Organizational info (OU, groups, titles) is mapped
Tokens and sessions reflect directory-sourced context
The directory remains the source of truth; IAM reflects a live view of it

Integration Highlights

LDAP Federation Extension

Dynamic user federation with fine-grained mapping

Attribute Mapper Support

Title, department, org pulled from directory

Read-Only or Sync Mode

Choose between non-invasive read-only federation, where Keycloak never writes to the directory, and read-write sync, where changes flow back to it

Scoped Role Assignment

Map AD groups to fine-grained IAM roles

Policy-Ready Claims

Populate tokens with LDAP-based fields for access control

Audit-Ready Federation

Every login and mapping action is logged and traceable
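The "Policy-Ready Claims" and "Scoped Role Assignment" highlights above, and the final "test login and inspect enriched tokens" step later on this page, come down to two things: a protocol mapper that copies a directory-sourced user attribute into the token, and a check that the token a test login returns actually carries the claims and realm roles your policies will rely on. The script below is an added example, not Keymate's or Keycloak's own code. It uses the stock Keycloak `oidc-usermodel-attribute-mapper` representation; the claim names (`department`, `title`, `organization`), the role names and the sample token payload are constructed assumptions.

```python
"""Step 5 helpers: expose a directory-sourced user attribute as a token claim
and check that an issued access token really carries the claims and roles the
policies will depend on. Claim names and sample values are assumptions."""
import base64
import json


def attribute_claim_mapper(user_attribute, claim_name, in_access=True, in_id=False):
    """Keycloak protocol mapper representation (oidc-usermodel-attribute-mapper):
    copies a user attribute, e.g. one federated from AD, into the tokens.
    Attach it to the client or a client scope; config here is a flat map."""
    return {
        "name": f"{claim_name}-claim",
        "protocol": "openid-connect",
        "protocolMapper": "oidc-usermodel-attribute-mapper",
        "config": {
            "user.attribute": user_attribute,
            "claim.name": claim_name,
            "jsonType.label": "String",
            "access.token.claim": "true" if in_access else "false",
            "id.token.claim": "true" if in_id else "false",
            "userinfo.token.claim": "true",
        },
    }


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection. No signature check is done here:
    this is for looking at what Keycloak put in the token; the resource
    server must still verify the signature against the realm's JWKS."""
    _header, payload, _signature = jwt.split(".")
    return json.loads(_unb64url(payload))


def missing_claims(claims: dict, expected: list) -> list:
    """Expected directory-sourced claims that are absent or empty."""
    return [c for c in expected if claims.get(c) in (None, "", [])]


def missing_roles(claims: dict, expected: list) -> list:
    """Expected realm roles (from the AD group mapping) not in realm_access."""
    have = set(claims.get("realm_access", {}).get("roles", []))
    return [r for r in expected if r not in have]


def make_sample_token(payload: dict) -> str:
    """Constructed, unsigned token for offline use; the third part is a
    placeholder, not a real signature."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "example"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()),
                     "placeholder-signature"])


if __name__ == "__main__":
    # Replace with the access token returned by a test login against the realm.
    token = make_sample_token({
        "preferred_username": "jdoe", "department": "Finance", "title": "",
        "realm_access": {"roles": ["app-finance-reader"]}})
    claims = token_claims(token)
    print("missing claims:", missing_claims(claims, ["department", "title", "organization"]))
    print("missing roles:", missing_roles(claims, ["app-finance-reader", "app-finance-admin"]))
```

An empty `title` is reported as missing on purpose: a mapper that points at an attribute the directory never populated silently yields an empty claim, and an authorization policy keyed on it will then fail open or closed depending on how it is written, so catch it at test time rather than in production.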

Frequently Asked Questions

Does federation modify my directory?
No. Federation is read-only unless explicitly configured otherwise.

How are AD groups and OUs turned into IAM roles?
Via Scoped Role Assignment Mappers that translate groups/OU into IAM roles.

When are users federated?
Federation happens at login or via scheduled sync jobs.

Can different realms or tenants use different directories?
Yes. Each realm or tenant can define its own LDAP provider.

How to Use This Integration

Implementation Steps

1. Configure the LDAP Federation Extension in Keycloak
2. Define your directory connection and base DN
3. Map desired attributes using Keymate's custom mappers
4. Enable role and org synchronization via Scoped Mappers
5. Test login and inspect enriched tokens
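Steps 1 to 4 above, carried out against the stock Keycloak admin REST API, as an added example that is not Keymate's or Keycloak's own code. It builds the component representations for an Active Directory user storage provider, a read-only attribute mapper and a group-to-realm-role mapper, and runs the checks a reviewer would want before the configuration is pushed: cleartext `ldap://` without StartTLS, anonymous binds, a non-`READ_ONLY` edit mode, and registration write-back. Keymate's own Scoped Role Assignment Mappers are not shown because their configuration keys are not documented on this page; the standard `user-attribute-ldap-mapper` and `role-ldap-mapper` stand in for them. The Keycloak URL, realm name, DNs, host names and the `(cn=app-*)` group filter are assumptions.

```python
"""Build the Keycloak components for AD federation (steps 1-4) and flag
weak settings before they are pushed. Admin API: POST
/admin/realms/{realm}/components, one call per component."""
import json
import urllib.request

KEYCLOAK_URL = "https://sso.corp.example"  # assumption
REALM = "corp"                             # assumption
REALM_ID = REALM                           # parentId is the realm's internal id;
                                           # assumed equal to its name here
USER_STORAGE = "org.keycloak.storage.UserStorageProvider"
LDAP_MAPPER = "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"


def ldap_provider(name, url, users_dn, bind_dn, bind_password,
                  edit_mode="READ_ONLY", start_tls=False):
    """Steps 1-2: AD user storage provider. Config values are one-element lists."""
    return {
        "name": name, "providerId": "ldap", "providerType": USER_STORAGE,
        "parentId": REALM_ID,
        "config": {
            "enabled": ["true"], "vendor": ["ad"],
            "connectionUrl": [url],
            "startTls": ["true" if start_tls else "false"],
            "useTruststoreSpi": ["always"],
            "authType": ["simple"], "bindDn": [bind_dn],
            "bindCredential": [bind_password],
            "editMode": [edit_mode],          # READ_ONLY, WRITABLE or UNSYNCED
            "usersDn": [users_dn], "searchScope": ["2"],   # 2 = subtree
            "usernameLDAPAttribute": ["sAMAccountName"],
            "rdnLDAPAttribute": ["cn"], "uuidLDAPAttribute": ["objectGUID"],
            "userObjectClasses": ["person, organizationalPerson, user"],
            "importEnabled": ["true"], "syncRegistrations": ["false"],
            "pagination": ["true"],
            "changedSyncPeriod": ["900"], "fullSyncPeriod": ["86400"],  # seconds
        },
    }


def check_provider(component):
    """Findings a reviewer would raise against an LDAP provider component."""
    cfg = {k: v[0] for k, v in component["config"].items()}
    findings = []
    if cfg["connectionUrl"].lower().startswith("ldap://") and cfg["startTls"] != "true":
        findings.append("cleartext LDAP: the bind password and user data cross the "
                        "wire unencrypted; use ldaps:// or enable StartTLS")
    if cfg["authType"] != "simple" or not cfg["bindCredential"]:
        findings.append("no bind credential: lookups run anonymously, so nothing "
                        "ties directory reads to a service account")
    if cfg["editMode"] != "READ_ONLY":
        findings.append(f"editMode={cfg['editMode']}: Keycloak can write to AD; keep "
                        "READ_ONLY unless write-back is an explicit requirement")
    if cfg["syncRegistrations"] == "true":
        findings.append("syncRegistrations=true: users who self-register in "
                        "Keycloak would be created in AD")
    return findings


def ldap_mapper(parent_id, name, provider_id, config):
    """Mapper component attached to the provider (parent_id = provider's id)."""
    return {"name": name, "providerId": provider_id, "providerType": LDAP_MAPPER,
            "parentId": parent_id, "config": {k: [v] for k, v in config.items()}}


def attribute_mapper(parent_id, model_attr, ldap_attr):
    """Step 3: read e.g. department/title from AD into the user model, read-only."""
    return ldap_mapper(parent_id, f"{model_attr}-from-ad", "user-attribute-ldap-mapper", {
        "user.model.attribute": model_attr, "ldap.attribute": ldap_attr,
        "read.only": "true", "always.read.value.from.ldap": "true",
        "is.mandatory.in.ldap": "false"})


def role_mapper(parent_id, groups_dn, group_filter="(cn=app-*)"):
    """Step 4: AD groups under groups_dn matching the filter become realm roles."""
    return ldap_mapper(parent_id, "ad-groups-to-realm-roles", "role-ldap-mapper", {
        "roles.dn": groups_dn, "role.name.ldap.attribute": "cn",
        "role.object.classes": "group", "roles.ldap.filter": group_filter,
        "membership.ldap.attribute": "member", "membership.attribute.type": "DN",
        "membership.user.ldap.attribute": "sAMAccountName",
        "memberof.ldap.attribute": "memberOf",
        "user.roles.retrieve.strategy": "GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE",
        "mode": "READ_ONLY", "use.realm.roles.mapping": "true"})


def post_component(admin_token, component):
    """Create a component; Keycloak returns its id in the Location header."""
    req = urllib.request.Request(
        f"{KEYCLOAK_URL}/admin/realms/{REALM}/components",
        data=json.dumps(component).encode(), method="POST",
        headers={"Authorization": f"Bearer {admin_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.headers["Location"].rsplit("/", 1)[-1]


if __name__ == "__main__":
    ad = ldap_provider("corp-ad", "ldaps://dc1.corp.example:636",
                       "OU=People,DC=corp,DC=example",
                       "CN=svc-keycloak,OU=Service Accounts,DC=corp,DC=example",
                       "load-me-from-a-secret-store")
    problems = check_provider(ad)
    if problems:
        raise SystemExit("\n".join(problems))
    # With a real admin token: pid = post_component(token, ad), then
    # post_component(token, attribute_mapper(pid, "department", "department"))
    # and post_component(token, role_mapper(pid, "OU=Groups,DC=corp,DC=example")).
    print(json.dumps(ad["config"], indent=2))
```

The group filter matters as much as the mode: without `roles.ldap.filter`, every group under `roles.dn` becomes a realm role, including administrative AD groups that were never meant to drive application authorization. The bind account only needs read access to the user and group subtrees; do not reuse a privileged domain account for it.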

ELEVATE YOUR IAM STRATEGY

Ready to Transform Your Keycloak Experience?

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.