4,000+ servers built on vurb.ts
Vinkius
Unlock for AI Agents
Keycloak

Keycloak MCP Server with 34 Tools for Claude, Cursor, and AI Agents

MCP Inspector GDPR Free for Subscribers

Manage identity and access control — list realms, manage users, configure clients, and handle security roles directly from your AI agent. Vinkius routes your AI agents directly to Keycloak through a governed connection. 34 tools ready to use with Claude, ChatGPT, Cursor, or any AI agent — no hosting, no setup, connect in 30 seconds.

Built for AI Agents by Vinkius

Ask AI about this server

Open in ChatGPT Open in Claude Open in Perplexity

Compatible with every major AI agent and IDE

ClaudeClaude
ChatGPTChatGPT
CursorCursor
GeminiGemini
WindsurfWindsurf
VS CodeVS Code
JetBrainsJetBrains
VercelVercel
+ other MCP clients
AI AgentVinkius
High Security·Kill Switch·Plug and Play
Keycloak
Fully ManagedVinkius Servers
60%Token savings
High SecurityEnterprise-grade
IAMAccess control
EU AI ActCompliant
DLPData protection
V8 IsolateSandboxed
Ed25519Audit chain
<40msKill switch
Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

What is the Keycloak MCP Server?

The Keycloak MCP Server routes AI agents like Claude, ChatGPT, and Cursor directly to Keycloak via 34 tools. Manage identity and access control — list realms, manage users, configure clients, and handle security roles directly from your AI agent. Powered by Vinkius — your credentials stay on your side of the connection, every request is auditable. Connect in under 2 minutes.

Built-in capabilities (34)

create_auth_flowcreate_clientcreate_groupcreate_rolecreate_userdelete_clientdelete_groupdelete_realmdelete_userget_clientget_client_secretget_groupget_realmget_roleget_userimport_realmlist_admin_eventslist_auth_flowslist_client_roleslist_clientslist_groupslist_realmslist_required_actionslist_roleslist_user_groupslist_userslogout_all_userspartial_export_realmregenerate_client_secretreset_user_passwordupdate_clientupdate_groupupdate_realmupdate_user

Tools for your AI Agents to operate Keycloak

Ask your AI agent "List all realms available in our Keycloak instance." and get the answer without opening a single dashboard. With 34 tools connected to real Keycloak data, your agents reason over live information, cross-reference it with other MCP servers, and deliver insights you would spend hours assembling manually.

Works with Claude, ChatGPT, Cursor, and any MCP-compatible client. Powered by Vinkius — your credentials never touch the AI model, every request is auditable. Connect in under two minutes.

Why teams choose Vinkius

One subscription gives you the infrastructure to connect your AI agents to thousands of MCP servers — and deploy your own to the Vinkius Edge. Your credentials stay yours. Your data flows directly between your agent and the API. DLP blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade routing and governance, zero maintenance.

Build your own MCP Server with our secure development framework →

The Keycloak App Connector works with every AI agent you already use

…and any MCP-compatible client

CursorClaudeOpenAIVS CodeCopilotGoogleLovableMistralAWSCursorClaudeOpenAIVS CodeCopilotGoogleLovableMistralAWS

Use all 34 Keycloak tools with your AI agents right now

Vinkius routes your AI agents to Keycloak through a governed proxy. Beyond a simple connection, you get full visibility into every action your agents perform, with enterprise-grade security and up to 60% savings on AI costs.

Explore Tools Hub
create

Create auth flow on Keycloak

Create an authentication flow

create

Create client on Keycloak

Create a new client

create

Create group on Keycloak

Create a top-level group

create

Create role on Keycloak

Create a realm-level role

create

Create user on Keycloak

Create a new user

delete

Delete client on Keycloak

Delete a client

delete

Delete group on Keycloak

Delete a group

delete

Delete realm on Keycloak

Delete a realm

delete

Delete user on Keycloak

Delete a user

get

Get client on Keycloak

Get client representation

get

Get client secret on Keycloak

Get client secret

get

Get group on Keycloak

Get group representation

get

Get realm on Keycloak

Get realm representation

get

Get role on Keycloak

Get a role by name

get

Get user on Keycloak

Get user representation

import

Import realm on Keycloak

Import a realm

list

List admin events on Keycloak

Get admin events for a realm

list

List auth flows on Keycloak

Get authentication flows

list

List client roles on Keycloak

Get client-level roles

list

List clients on Keycloak

Get all clients in the realm

list

List groups on Keycloak

Get group hierarchy

list

List realms on Keycloak

Get accessible realms

list

List required actions on Keycloak

Get required actions

list

List roles on Keycloak

Get realm-level roles

list

List user groups on Keycloak

Get user groups

list

List users on Keycloak

Get users in a realm

logout

Logout all users on Keycloak

Remove all user sessions in a realm

partial

Partial export realm on Keycloak

Partial export of a realm

regenerate

Regenerate client secret on Keycloak

Regenerate client secret

reset

Reset user password on Keycloak

Reset user password

update

Update client on Keycloak

Update a client

update

Update group on Keycloak

Update a group

update

Update realm on Keycloak

Update realm information

update

Update user on Keycloak

Update a user

What the Keycloak MCP Server unlocks

Connect your Keycloak instance to any AI agent to streamline your Identity and Access Management (IAM) workflows. This server provides comprehensive tools to audit, configure, and maintain your security infrastructure through natural language.

What you can do

  • Realm Administration — List, import, and export realms, or monitor admin events to audit changes across your infrastructure.
  • User Management — Create, update, or delete users, reset passwords, and inspect user group memberships without leaving your chat interface.
  • Client Configuration — Manage OIDC/SAML clients, retrieve client secrets, and regenerate credentials instantly.
  • Groups & Roles — Organize your security hierarchy by managing groups and assigning roles at both realm and client levels.
  • Session Control — Force global logouts across entire realms to mitigate security threats in real-time.

How it works

1. Subscribe to this server
2. Provide your Keycloak Base URL and a valid Admin Access Token
3. Start managing your IAM infrastructure from Claude, Cursor, or any MCP client

Who is this for?

  • DevOps & SREs — Quickly audit realm events and manage client configurations during deployments.
  • Security Administrators — Perform emergency password resets or session terminations via simple commands.
  • Backend Developers — Setup test users and retrieve client credentials directly within the IDE flow.

Frequently asked questions about the Keycloak MCP Server

Can I reset a user's password using this integration?

Yes. You can use the reset_user_password tool by providing the realm name, the user ID, and the new credential representation. This allows for immediate password management via the AI.

Is it possible to audit administrative changes in a specific realm?

Absolutely. The list_admin_events tool retrieves the history of administrative actions for a target realm, helping you track who changed what and when.

Can I retrieve OIDC client secrets for my applications?

Yes, the get_client_secret tool allows you to fetch the secret for any configured client in a realm. You can also use regenerate_client_secret if a rotation is required.

More in this category

BoxyHQ (Enterprise SSO)

BoxyHQ (Enterprise SSO)

8 tools

Manage Enterprise SSO and Directory Sync (SCIM) via BoxyHQ — configure SAML/OIDC connections and automate user provisioning directly from your AI agent.

OneTrust

OneTrust

10 tools

Manage privacy requests, assessments, vendors, consent, and incidents via OneTrust — automate GDPR, CCPA, and data governance from any AI agent.

Trend Micro

Trend Micro

8 tools

Equip your AI agent with Vision One telemetry to investigate threats, audit endpoint activities, and manage security alerts natively.

Nmap Online

Nmap Online

10 tools

Perform network discovery and security auditing via Nmap — track port scans, DNS lookups, and traceroutes directly from your AI agent.

You might also like

Gumlet

Gumlet

12 tools

Optimize images and stream video with automatic format conversion, lazy loading, and CDN delivery that loads pages faster.

Pushbullet

Pushbullet

12 tools

Send files, links, and notifications between your phone and computer instantly with universal copy-paste across all devices.

Konnektive

Konnektive

10 tools

Manage CRM and billing — list orders, query customers, and audit transactions.

Nearmap (High-Res Aerial Imagery & AI)

Nearmap (High-Res Aerial Imagery & AI)

10 tools

Manage geospatial data via Nearmap — retrieve high-res aerial imagery, extract AI features, and audit survey coverage.

Vinkius AI Gateway

We built the connector to Keycloak. Now put your agents to work. Fully governed.

Vinkius is the AI Gateway with managed hosting. Stop building connectors. Every connection runs inside eight layers of security.

How it works
Infrastructure

Hosted, sandboxed, and live on AWS. You don't provision anything. You don't maintain anything. You connect.

Visibility

Every tool call, every token, every response. Logged and auditable. Data flows direct from Keycloak to your agent. Nothing is stored on our side. Ever.

Control

Eight governance layers on every request. Sensitive data redacted before it reaches the model. Kill switch if anything goes sideways. Always on.