End-to-End Organization Lifecycle Management

Keymate gives you centralized, fine-grained control over the entire lifecycle of organizations, departments, and units—supporting B2B, B2B2C, and G2C IAM models with dynamic structure, role inheritance, and scoped policy enforcement.

Structured Identity Starts with Structured Organizations

From Creation to Deactivation—Full Lifecycle Control

With Keymate, organization structures are not just static metadata; they are dynamic, hierarchical policy anchors. The system lets you define and manage nested organizations, departments, and units; assign users and roles at any level of the hierarchy; configure delegation and impersonation scopes; track changes, structure evolution, and member assignments; sync organizational data from external systems (e.g., HRMS, MERSIS) via event-driven microservices; and apply policies based on current org membership and unit context. Organization structures are stored in a dedicated configuration store and synchronized with Keycloak via session notes, enabling secure and consistent use in authorization, token enrichment, and OpenFGA checks.

Lifecycle Management Flow

Define nested organizations, assign roles, track changes, and sync data from external systems.

What Makes It Unique

Hierarchical Org Modeling

Define organizations with nested units and auto-inherited roles/policies

Scoped Role Assignment

Assign roles to users at specific org levels with precision targeting

Session-Aware Org Context

Token enrichment with department/unit info for authorization decisions

Lifecycle Events & Sync

Event-driven updates from HRMS, KPS, MERSIS, and other systems

Delegation Within Units

Scoped role delegation ("hats") with expiration and auditability

Policy Context Integration

Org data mapped to OpenFGA for scoped policy evaluation

Visual Org Editor

Manage structures and relationships through the Admin Console UI

Frequently Asked Questions

It means managing not just user accounts, but also the full organizational hierarchy they belong to—including creation, updates, role assignments, delegation, and deactivation.
Keymate provides multi-level, deeply nested structures with scoped role assignment, delegation, OpenFGA integration, and token/session enrichment—beyond Keycloak's flat org model.
Yes. Our integration microservices listen to events from HR, MERSIS, KPS, or other sources, and update the structure in real time.
Absolutely. OpenFGA policies can evaluate the user's org, department, or even delegated role at runtime using the org-unit-aware token data.

How to Use This Feature

Follow these simple steps to manage your organizational structures.

Implementation Steps

1. Design your organizational structure in the Admin Console
2. Import or sync org data from MERSIS, HRMS, or manually
3. Assign users and roles at different org/unit levels
4. Enable "delegation scopes" to allow temporary access within orgs
5. Enforce policies using org-aware tokens + OpenFGA DSL
6. Track changes and audit assignments in real time
7. Deactivate unused units and retire orphaned structures securely
