Real-Time Identity Federation with Government Registries

Sync authoritative identity and company data from national sources like MERNIS, MERSIS, and KPS. Keymate's connector SPI listens for external changes, pushes normalized events into the IAM pipeline, and ensures trusted, up-to-date identity records.

Real-Time Identity Sync from Government Systems to IAM

Why It Matters

Accurate identity data is critical in high-trust IAM scenarios such as public sector, finance, and regulated industries. Manual updates lead to errors, compliance gaps, and stale profiles. With Keymate's government connector SPIs, you can:

Synchronize identity data in real time using MERNIS and KPS
Keep business records up to date with MERSIS integration
Capture e-Tebligat registration and updates for legal notification use cases
Enrich tokens and authorization context with trusted source data
Trigger downstream workflows and audits on external updates

From External System to Enriched Identity

Use Cases Include:
• Citizen or company verification
• Attribute updates (e.g., name, title, status)
• Legal presence detection (e.g., e-Tebligat validation)
• Lifecycle events: death, marriage, status change

Key Components:

External system (e.g., MERNIS) pushes or is polled for identity changes
A connector microservice formats the event and calls EventHub's gRPC API
EventHub validates and emits the event
Integration Hub writes to Kafka
Consumer services or Keycloak extensions enrich the session/token or trigger workflows

Extension Highlights — What Makes It Unique

Modular Connectors

Individual microservices per system (MERSIS, MERNIS, KPS, etc.)

Event-Driven Sync

Real-time integration via gRPC and EventHub

Schema Normalization

Unifies diverse source formats into IAM-consumable structures

Secure & Compliant

Authenticated access to sensitive APIs (cert/token-based)

Attribute-Aware Mapping

Identity details mapped to Keycloak user attributes or tokens

Downstream Triggering

Kafka messages can drive enrichment, auditing, and workflows

Frequently Asked Questions

Currently: MERNIS, KPS (citizenship), MERSIS (business), e-Tebligat (legal notifications). Other APIs can be integrated with minor extensions.
Both models are supported. Depending on the registry, connectors can pull data or listen for webhook triggers.
Yes. The connector SPI is fully pluggable and source-agnostic. Any external registry with an API can be adapted.
Each event is validated and normalized before entering IAM. Conflicting or malformed data is logged with trace context.

How to Use This Extension

Implementation Steps

1. Deploy the connector microservice (e.g., mernis-connector)
2. Configure access credentials to the public API (token, cert, etc.)
3. Set up mappings to EventHub via gRPC
4. Enable schema validation and logging in Integration Hub
5. Define downstream consumers (e.g., Enrichment Service, Kafka listeners)
