Skip to content

Configuring your user pool

A user pool is a SavvyTechies-managed Keycloak realm: an isolated identity space with its own users, applications, login flow, and security policy. This section is a per-setting reference — what each setting does, the value we recommend, and the three ways to change it.

Login & security

TLS enforcement, brute-force protection, browser security headers, remember-me. Open →

Passwords & MFA

Password policy, OTP/TOTP, WebAuthn passkeys, step-up authentication. Open →

Tokens & sessions

Access-token lifespan, SSO idle/max timeouts, refresh-token rotation. Open →

Registration & email

Self-registration, email verification, forgot-password, login with email. Open →

Single sign-on (SSO)

External identity providers — Google, Entra ID, Okta, generic OIDC/SAML, LDAP. Open →

Applications (clients)

Register OIDC and SAML apps, redirect URIs, PKCE, flows, client secrets. Open →

Login branding

Colors, logo, corner style, and custom CSS across all login pages. Open →

Events & audit

User and admin event logging, retention, and where the data goes. Open →

Run the Keycloak Analyzer against a realm export to get an instant security & production-readiness score. It flags exactly the settings on these pages — weak password policy, brute-force off, wildcard redirects, long-lived tokens, missing audit logging — and nothing is stored.

New user pools ship secure: TLS required, brute-force protection on, a strong password policy, short access tokens with refresh-token rotation, PKCE required for public clients, email verification on, and audit logging enabled. Every page below tells you the default and how to change it.