Seamless Isolation for B2B, B2B2C, and G2C Identity Models

Keymate offers true multi-tenancy — not just realm separation. Each tenant gets isolated org units, policies, user bases, and delegated admins, making it perfect for partner portals, public sector services, and multi-tenant SaaS platforms.

How Multi-Tenant IAM Works in Keymate

Unlike basic realm separation, Keymate provides tenant-aware authorization models that include per-tenant organization structure, scoped role bindings and user isolation, tenant-specific access policies, and delegated tenant administration.

B2B clients, public institutions, or partners can each manage their own space, while policies remain enforceable centrally or per tenant. Sub-tenants and hierarchical delegation are also supported via the organization module.

Isolated Tenant Architecture

Each tenant gets isolated org units, policies, user bases, and delegated admins.

What Makes It Unique

Isolated Tenant Boundaries

Logical and secure segmentation of users, policies, and permissions per tenant.

Tenant-Specific Policy Stores

Define access rules separately for each tenant or centrally.

Scoped Delegated Administration

Admin roles are scoped by tenant, enabling partner-controlled governance.

B2B, B2B2C, G2C Support

Designed for real-world use cases like supplier networks, citizen access, and federated orgs.

Cross-Tenant Visibility Control

Optionally allow read-only views or impersonation within governed scopes.

Parallel Realm & Tenant Support

Integrates with Keycloak realms but adds native tenant metadata and enforcement controls.

Frequently Asked Questions

It refers to managing identity and access for multiple logically separated tenants in a single system. In Keymate, each tenant has its own users, roles, and policies.

Keycloak realms are hard-isolated and lack centralized delegation, hierarchy, and scoped administration. Keymate enables nested tenants, delegated roles, and shared policy modeling.

Yes. Keymate supports delegated administration, allowing each tenant or partner to manage their identity perimeter securely.

Absolutely. Role delegation, tenant scoping, impersonation, and org-unit based policy enforcement make it easy to handle these models natively.

How to Use This Feature

Follow these simple steps to set up a multi-tenant environment.

Configuration Steps

1. Define tenants in the Admin Console
2. Configure org structures and roles per tenant
3. Set up scoped admin access and impersonation limits
4. Write policies using token.tenant and related attributes
5. Deploy policies centrally or per tenant
6. Observe activity via tenant-aware audit logs

ELEVATE YOUR IAM STRATEGY

Ready to Transform Your Keycloak Experience?

Implement fine-grained authorization, multi-tenant infrastructure, and comprehensive security policies with Keymate — built on the Keycloak foundation you already trust.