Claude CodeCLI

Keycloak MCP Server

Bring Iam
to Claude Code

Name: Keycloak MCP Server
Price: 29 USD
Availability: InStock
Rating: 4.9 (1 reviews)
Author: Vinkius

Learn how to connect Keycloak to Claude Code and start using 34 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.

GDPR Free for Subscribers

Create Auth FlowCreate ClientCreate GroupCreate RoleCreate UserDelete ClientDelete GroupDelete RealmDelete UserGet ClientGet Client SecretGet GroupGet RealmGet RoleGet UserImport RealmList Admin EventsList Auth FlowsList Client RolesList ClientsList GroupsList RealmsList Required ActionsList RolesList User GroupsList UsersLogout All UsersPartial Export RealmRegenerate Client SecretReset User PasswordUpdate ClientUpdate GroupUpdate RealmUpdate User

Unlock for AI Agents

Ask AI about this MCP Server ChatGPT Claude Perplexity

Compatible with every major AI agent and IDE

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

What is the Keycloak MCP Server?

Connect your Keycloak instance to any AI agent to streamline your Identity and Access Management (IAM) workflows. This server provides comprehensive tools to audit, configure, and maintain your security infrastructure through natural language.

What you can do

Realm Administration — List, import, and export realms, or monitor admin events to audit changes across your infrastructure.
User Management — Create, update, or delete users, reset passwords, and inspect user group memberships without leaving your chat interface.
Client Configuration — Manage OIDC/SAML clients, retrieve client secrets, and regenerate credentials instantly.
Groups & Roles — Organize your security hierarchy by managing groups and assigning roles at both realm and client levels.
Session Control — Force global logouts across entire realms to mitigate security threats in real-time.

How it works

Subscribe to this server
Provide your Keycloak Base URL and a valid Admin Access Token
Start managing your IAM infrastructure from Claude, Cursor, or any MCP client

Who is this for?

DevOps & SREs — Quickly audit realm events and manage client configurations during deployments.
Security Administrators — Perform emergency password resets or session terminations via simple commands.
Backend Developers — Setup test users and retrieve client credentials directly within the IDE flow.

Built-in capabilities (34)

create_auth_flow

Create an authentication flow

create_client

Create a new client

create_group

Create a top-level group

create_role

Create a realm-level role

create_user

Create a new user

delete_client

Delete a client

delete_group

Delete a group

delete_realm

Delete a realm

delete_user

Delete a user

get_client

Get client representation

get_client_secret

Get client secret

get_group

Get group representation

get_realm

Get realm representation

get_role

Get a role by name

get_user

Get user representation

import_realm

Import a realm

list_admin_events

Get admin events for a realm

list_auth_flows

Get authentication flows

list_client_roles

Get client-level roles

list_clients

Get all clients in the realm

list_groups

Get group hierarchy

list_realms

Get accessible realms

list_required_actions

Get required actions

list_roles

Get realm-level roles

list_user_groups

Get user groups

list_users

Get users in a realm

logout_all_users

Remove all user sessions in a realm

partial_export_realm

Partial export of a realm

regenerate_client_secret

Regenerate client secret

reset_user_password

Reset user password

update_client

Update a client

update_group

Update a group

update_realm

Update realm information

update_user

Update a user

Why Claude Code?

Claude Code registers Keycloak as an MCP server in a single terminal command. Once connected, Claude Code discovers all 34 tools at runtime and can call them headlessly. ideal for CI/CD pipelines, cron jobs, and automated workflows where Keycloak data drives decisions without human intervention.

—
Single-command setup: claude mcp add registers the server instantly. no config files to edit or applications to restart
—
Terminal-native workflow means MCP tools integrate seamlessly into shell scripts, CI/CD pipelines, and automated DevOps tasks
—
Claude Code runs headlessly, enabling unattended batch processing using Keycloak tools in cron jobs or deployment scripts
—
Built by the same team that created the MCP protocol, ensuring first-class compatibility and the fastest adoption of new protocol features

See it in action

Keycloak in Claude Code

AI Agent→Vinkius

High Security·Kill Switch·Plug and Play

Why Vinkius

Keycloak and 4,000+ other MCP servers. One platform. One governance layer.

Teams that connect Keycloak to Claude Code through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.

4,000+MCP Servers ready

<40msCold start

60%Token savings

	Raw MCP	Vinkius
Server catalog	Find and host yourself	4,000+ managed
Infrastructure	Self-hosted	Sandboxed V8 isolates
Credential handling	Plaintext in config	Vault + runtime injection
Data loss prevention	None	Configurable DLP policies
Kill switch	None	Global instant shutdown
Financial circuit breakers	None	Per-server limits + alerts
Audit trail	None	Ed25519 signed logs
SIEM log streaming	None	Splunk, Datadog, Webhook
Honeytokens	None	Canary alerts on leak
Custom domains	Not applicable	DNS challenge verified
GDPR compliance	Manual effort	Automated purge + export

Unlock for AI Agents View step-by-step setup guide for Claude Code →

Enterprise Security

Why teams choose Vinkius for Keycloak in Claude Code

The Keycloak MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 34 tools execute in hardened sandboxes optimized for native MCP execution.

Your AI agents in Claude Code only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.

Unlock for AI Agents View full Keycloak details →

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

The Vinkius Advantage

How Vinkius secures
Keycloak for Claude Code

Every tool call from Claude Code to the Keycloak MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.

< 40msCold start

Ed25519Signed audit chain

60%Token savings

FAQ

Frequently asked questions

Can I reset a user's password using this integration?

Yes. You can use the reset_user_password tool by providing the realm name, the user ID, and the new credential representation. This allows for immediate password management via the AI.

Is it possible to audit administrative changes in a specific realm?

Absolutely. The list_admin_events tool retrieves the history of administrative actions for a target realm, helping you track who changed what and when.

Can I retrieve OIDC client secrets for my applications?

Yes, the get_client_secret tool allows you to fetch the secret for any configured client in a realm. You can also use regenerate_client_secret if a rotation is required.