Centralized Audit Trails You Can Actually Trust

Keymate records every meaningful event—authorization checks, policy changes, role assignments, token issuance, and impersonation—into structured, queryable audit logs. These logs are tenant-aware, session-linked, and ready for compliance, forensics, and operational monitoring.

Audit Visibility from Policy Change to Runtime Access

Keymate captures and correlates all critical IAM activities, including:

Policy updates and versioning actions
Role and permission assignments or removals
Delegation and impersonation events
Token issuance, refresh, revocation
Authorization decisions (grant/deny), evaluated in FGAC
Subscription events and transformations (if applicable)

Each log includes:

Timestamp, tenant, user, session, and IP
Affected resource or policy
Change actor and target
Correlation with trace ID and decision outcome

These logs feed into both SIEM systems and SigNoz dashboards, and are optionally retained long-term for regulatory requirements (e.g., KVKK, GDPR, ISO 27001).

Comprehensive Audit Logging Pipeline

Comprehensive audit logging system that captures every IAM event with structured, queryable logs for compliance, forensics, and operational monitoring.

Example: Every change, every token, every decision—logged and searchable

Key Components:

Structured JSON Logs
Real-time Streaming
Session & Trace Linking
Multi-Tenant Isolation
Compliance-Ready Retention

What Makes It Unique

Structured Audit Logs

JSON-based logs with consistent schema across all modules

Real-Time Log Streaming

Logs sent instantly to Kafka, Elasticsearch, or file sinks

Session-Linked Events

Every log tied to the user session and trace context

Multi-Tenant Isolation

Logs are logically and physically isolated per tenant

Impersonation & Delegation Tracing

Logs record both actual and acting user identity

Policy & Role Lifecycle Audits

Track who changed what, when, and how (including version diffs)

Access Decision Logging

Every FGAC decision includes policy match details

Compliance-Ready Retention

Configurable log storage with encryption and rotation policies

Frequently Asked Questions

Audit logs are streamed via Kafka and can be ingested by ELK, SigNoz, or your own log analytics tool. Long-term retention is configurable.
Yes. Both the real and acting user are logged with full session context.
Yes. Every log carries a trace and session ID that can be used to reconstruct an incident or user journey.
Yes. Logs are encrypted at rest and in transit. Retention and access rules are fully aligned with KVKK/GDPR/ISO27001 guidelines.
Yes. Audit log access in the Admin Console is governed by RBAC.

How to Use This Feature

Follow these steps to enable comprehensive audit logging for all IAM activities.

Implementation Steps

1. Enable audit logging in Admin Console and define target sinks (Kafka, Elastic, File)

2. Configure retention, masking, and severity levels per tenant or org

3. View real-time logs in observability dashboard (SigNoz) or forward to SIEM

4. Use trace/session correlation to debug issues or investigate access incidents

5. Export logs for periodic compliance audits or incident response

6. Define alert rules for suspicious actions (e.g., bulk role changes, repeated access denials)
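
The alert rules from step 6, combined with the trace correlation from step 4, as an added example that is not Keymate's own code or log schema: a sliding-window detector over JSON audit lines such as a file sink might hold. The field names, event names, thresholds and sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed names throughout: the field names, event names and thresholds below are
# hypothetical, modelled on the fields the page lists, not Keymate's schema.
# rule -> (event types, required outcome or None, grouping field, threshold)
RULES = {
    "bulk_role_change": (("role.assign", "role.remove"), None, "actor", 3),
    "repeated_denial": (("authz.decision",), "deny", "session", 3),
}
WINDOW = timedelta(minutes=5)

def detect(lines):
    """Map (rule, tenant, actor-or-session) -> trace IDs of the events that tripped it."""
    windows = defaultdict(deque)  # one sliding window per rule, tenant and key
    alerts = {}
    events = [json.loads(line) for line in lines if line.strip()]
    for ev in sorted(events, key=lambda e: e["ts"]):  # same-format UTC strings sort by time
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        for rule, (types, outcome, field, threshold) in RULES.items():
            if ev["event"] not in types or (outcome and ev["outcome"] != outcome):
                continue
            key = (rule, ev["tenant"], ev[field])  # tenant in the key: never count across tenants
            win = windows[key]
            win.append((ts, ev["trace"]))
            while ts - win[0][0] > WINDOW:  # drop events older than the window
                win.popleft()
            if len(win) >= threshold and key not in alerts:
                alerts[key] = [trace for _, trace in win]
    return alerts

# Constructed sample audit lines (not real Keymate output).
SAMPLE = """
{"ts":"2024-05-01T10:00:00Z","tenant":"acme","actor":"admin1","session":"s1","trace":"t1","event":"role.assign","outcome":"ok"}
{"ts":"2024-05-01T10:00:30Z","tenant":"acme","actor":"admin1","session":"s1","trace":"t2","event":"role.assign","outcome":"ok"}
{"ts":"2024-05-01T10:01:00Z","tenant":"acme","actor":"admin1","session":"s1","trace":"t3","event":"role.remove","outcome":"ok"}
{"ts":"2024-05-01T10:02:00Z","tenant":"acme","actor":"bob","session":"s2","trace":"t4","event":"authz.decision","outcome":"deny"}
{"ts":"2024-05-01T10:02:10Z","tenant":"acme","actor":"bob","session":"s2","trace":"t5","event":"authz.decision","outcome":"deny"}
{"ts":"2024-05-01T10:02:20Z","tenant":"globex","actor":"bob","session":"s2","trace":"t6","event":"authz.decision","outcome":"deny"}
{"ts":"2024-05-01T10:03:00Z","tenant":"acme","actor":"carol","session":"s3","trace":"t7","event":"authz.decision","outcome":"deny"}
{"ts":"2024-05-01T10:03:05Z","tenant":"acme","actor":"carol","session":"s3","trace":"t8","event":"authz.decision","outcome":"grant"}
{"ts":"2024-05-01T10:03:10Z","tenant":"acme","actor":"carol","session":"s3","trace":"t9","event":"authz.decision","outcome":"deny"}
{"ts":"2024-05-01T10:03:20Z","tenant":"acme","actor":"carol","session":"s3","trace":"t10","event":"authz.decision","outcome":"deny"}
{"ts":"2024-05-01T10:20:00Z","tenant":"acme","actor":"bob","session":"s2","trace":"t11","event":"authz.decision","outcome":"deny"}
"""

if __name__ == "__main__":
    for key, traces in detect(SAMPLE.splitlines()).items():
        print(key, traces)
```

Session s2 never alerts: its third denial inside the window belongs to a different tenant, and the later one falls outside the five-minute window. The trace IDs returned with each alert are the handles for pulling the full event chain from the log store.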
