Native OpenMetadata Integration for Metadata-Aware IAM

Keymate's native OpenMetadata integration enables catalog-aware authorization, DSAC classification enforcement, and seamless visibility across your data & IAM layers.

Metadata-Driven Authorization with Classification-Aware Policies

Why It Matters

Enterprise IAM systems often lack visibility into data context. But access control without understanding data classification (like PII, Confidential, or Public) is incomplete.

With Keymate's OpenMetadata integration:

Metadata like classifications and tags become part of the access decision
Policies align with your data governance taxonomy
DSAC (Data Sensitivity-Aware Control) enforcement becomes real-time
Token enrichment ensures downstream services respect data classification

Catalog-Aware Access Starts with Metadata Sync

OpenMetadata holds data tags, domains, and classifications. Keymate syncs metadata events into its internal DSAC tagging engine. Tags are then mapped into the policy engine and/or token claims, which makes policies like "deny if tag == restricted and user.clearance != high" possible. Any change in metadata is streamed and enforced live.

Metadata Sync Flow

Use cases include:

Limiting access to PII-tagged datasets
Token enrichment with classification level
Auto-adjusted policies based on OpenMetadata tags
Dynamic sensitivity-aware enforcement
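
The sync-then-enforce flow described above, as an added Python sketch that is not Keymate's or OpenMetadata's code. The event fields (`asset`, `version`, `tags`), the `clearance` claim and all sample values are assumptions constructed for illustration. It shows two cases a tag-driven policy must handle: a late-arriving event must not roll a classification back, and an asset with no synced metadata is denied.

```python
# Added illustration: simplified, constructed event shape; not OpenMetadata's
# or Keymate's actual schema or API.
from dataclasses import dataclass, field

@dataclass
class TagStore:
    """Latest known tags per asset, fed by catalog change events."""
    tags: dict = field(default_factory=dict)      # asset -> set of lowercased tags
    versions: dict = field(default_factory=dict)  # asset -> last applied version

    def apply(self, event: dict) -> bool:
        """Apply one event; drop replays and out-of-order deliveries."""
        asset, version = event["asset"], event["version"]
        if version <= self.versions.get(asset, -1):
            return False  # stale: must not roll a classification back
        self.versions[asset] = version
        self.tags[asset] = {t.strip().lower() for t in event["tags"]}
        return True

def decide(store: TagStore, claims: dict, asset: str) -> str:
    """The page's rule: deny if tag == restricted and user.clearance != high."""
    tags = store.tags.get(asset)
    if tags is None:
        return "deny"  # no metadata synced yet: fail closed
    if "restricted" in tags and claims.get("clearance") != "high":
        return "deny"
    return "allow"

# Constructed sample events, in delivery order (the third arrives late).
EVENTS = [
    {"asset": "warehouse.orders", "version": 1, "tags": ["Public"]},
    {"asset": "warehouse.orders", "version": 3, "tags": ["PII", "Restricted"]},
    {"asset": "warehouse.orders", "version": 2, "tags": ["Public"]},
]

def replay(events, claims, asset):
    """Return the decision after each delivered event."""
    store, decisions = TagStore(), []
    for ev in events:
        store.apply(ev)
        decisions.append(decide(store, claims, asset))
    return decisions

if __name__ == "__main__":
    print(replay(EVENTS, {"sub": "analyst", "clearance": "low"}, "warehouse.orders"))
    print(replay(EVENTS, {"sub": "dpo", "clearance": "high"}, "warehouse.orders"))
```
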

Integration Highlights

Real-Time Metadata Sync

Continuously sync tags and classifications via OpenMetadata events

DSAC Tag Enforcement

Apply data sensitivity rules using metadata tags like "PII" or "Restricted"

Policy Engine Integration

Tags and domains are accessible in Keymate's DSL or OpenFGA models

Token Enrichment

Classification context is injected into access tokens

Traceable Data Flows

OpenTelemetry-powered visibility across tag ingestion and decision paths

Frequently Asked Questions

Yes. You can map classification tags in OpenMetadata to Keymate's policy engine and enforce them in real-time using token enrichment and access policies.
Absolutely. All tags, classifications, and metadata fields from OpenMetadata are available and can be used in DSL expressions or FGA relationships.
No. You can use the same approach for APIs, streams, dashboards, or any asset cataloged in OpenMetadata.

How to Enable This Integration

Follow these steps to enable:

1. Deploy Keymate with the OpenMetadata connector
2. Configure tag ingestion and classification mapping
3. Enable DSAC tag injection into tokens
4. Write policies using DSL or OpenFGA referencing metadata
5. Monitor flow using OpenTelemetry traces

Ready to Transform Your Keycloak Experience?

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.