A Single Source of Truth for Security and Compliance

Keymate's Audit Server captures critical IAM events across all components—from user actions to policy changes, delegated access to token flows—stored in a tamper-evident, queryable, and tenant-scoped repository.

Immutable, Tenant-Aware, and Fully Traceable Audit Logging for Everything That Matters

Cross-System Auditing. One Stream. One Standard.

Unlike traditional log files or scattered event emitters, Keymate Audit Server:

Captures immutable audit events from Keycloak, Admin Console, Event Hub, Access Gateway, and Policy Engine.
Stores all records in a central audit database, isolated per tenant.
Ensures WORM-compliant, tamper-evident entries.
Adds full session, org, and role context to every event.
Streams audit entries optionally to Kafka or SIEM.
Integrates into dashboards and alerting pipelines (e.g., SigNoz).

Centralized Audit Server for IAM & Policy Actions

Centralized audit server that captures, stores, and manages all IAM and policy events across the platform with immutable, tenant-aware logging and compliance-ready export capabilities.

Example: Immutable, tenant-aware audit logging for everything that matters

Key Components:

Platform-Wide Event Capture
Immutable Storage
Multi-Tenant Isolation
OTLP Integration
Self-Service Viewer

What Makes It Unique

Platform-Wide Audit Feed

Captures events from every Keymate module

Immutable Audit Storage

Entries are hash-chained and WORM-compatible

Multi-Tenant Isolation

Each tenant's records are separated and query-scoped

Session & Actor Attribution

Includes delegated role, impersonation, and trace ID

OTLP & Kafka Integration

Events are exportable to SigNoz, Elasticsearch, Splunk, etc.

Custom Audit Event Types

Beyond default IAM actions—includes policy ops, org changes, token events

Self-Service Access Viewer

Admin Console module to review filtered audit trails

Retention & Export Policy Management

Define how long to retain audit logs, and how/when to export

Frequently Asked Questions

Yes. Logging is for observability; auditing is for accountability and compliance. Audit Server events are immutable and normalized.
Yes. Tenants can view only their own audit entries, scoped by role permissions.
Absolutely. The audit log captures both the acting admin and the impersonated user in all relevant events.
Yes. You can add custom audit hooks in any custom module or extension.
Yes. Audit events can be streamed to your telemetry pipelines for monitoring or alerting.

How to Use This Feature

Follow these steps to enable centralized audit logging across your platform.

Implementation Steps

1. Enable Audit Server module from Admin Console
2. Define audit event categories you wish to capture
3. Configure retention and export policies per tenant
4. Connect to SigNoz, Kafka, or SIEM for extended analysis
5. Use Admin Console Audit Viewer to inspect and filter records
6. Schedule exports for legal or compliance review
