Accepting new clients

Keycloak user sync
that actually works.

Fixed-scope implementations connecting Azure AD, Okta, Google Workspace, or LDAP to Keycloak. Delivered in 2–3 weeks. Tested, documented, production-ready. No hourly billing. No scope creep. No guessing.

2–3 wkDelivery Time
$8,000Fixed Price From
100%Test Coverage
Book Free Architecture Call →See How It Works

Sound familiar?

Keycloak's built-in federation works for basic setups. Then reality hits.

"Sync all users" does nothing — no errors, no users, no explanation.You click the button. Keycloak says success. But the users aren't there. You've spent 3 days digging through logs and GitHub issues.
Attribute mapping that silently drops data.Emails sync but names don't. Groups come through without members. Custom attributes vanish.
Federation that breaks on every Keycloak upgrade.You built a fragile sync that worked on 21.x. Now you're on 26.x and the User Storage SPI changed.
Multi-source sync that Keycloak simply doesn't support out of the box.Half your users are in Azure AD. The other half are in an internal LDAP. Good luck with the built-in federation provider.

What you get

Three tiers. Pick what fits. Every tier includes tested, documented, production-ready output.

Audit
$2,000
~14,000 DKK · one-time
I review your current Keycloak setup, identify sync gaps, and deliver an architecture recommendation with implementation roadmap.
  • Full config and federation review
  • Sync gap analysis document
  • Architecture recommendation
  • Implementation roadmap
  • 3–5 day delivery
Implementation
$8–12K
~55–83,000 DKK · one-time
Full sync implementation. I connect your identity provider(s) to Keycloak with working, tested synchronization.
  • Architecture document
  • Keycloak realm configuration
  • Custom sync adapter (SPI/code)
  • Automated test suite
  • Operations runbook
  • 30-min handoff call
  • 14 days post-delivery support
  • 2–3 week delivery
Managed
$700/mo
~4,800 DKK/mo · ongoing
Ongoing sync monitoring, maintenance, and support. Your sync stays healthy as Keycloak evolves.
  • 24/7 sync health monitoring
  • Monthly health reports
  • 4-hour response time
  • Proactive Keycloak update testing
  • 2 hrs/month sync adjustments
  • Cancel anytime

How it works

Five steps from first call to production sync. No ambiguity.

1
Architecture call
15 minutes · free

We walk through your identity landscape. I'll tell you honestly whether this is a good fit.

2
Proposal + SOW
Within 24 hours

You get a 1-page proposal with exact scope, price, and timeline. Fixed price, fixed scope.

3
Build + test
Days 1–10

Architecture document, Keycloak configuration, custom sync adapter, comprehensive test suite.

4
Handoff + docs
Days 10–14

Complete documentation package. 30-minute handoff call with your engineering team.

5
Support window
14 days included

Questions via email or Slack for 14 days after delivery.

⚡ The guarantee

If the sync doesn't pass all defined test scenarios within 30 days of delivery, I fix it at no additional cost.

Who this is for

I work with mid-market teams that have hit the wall with Keycloak federation.

if ( you.have("keycloak running in staging or production") && you.need("reliable user sync from Azure AD, Okta, LDAP, or custom sources") && you.tried("built-in federation") && you.got("frustrated")) { // You're in the right place. return "book a call";}
Typical clients: Platform engineers, DevOps leads, and CTOs at B2B SaaS companies, healthcare IT, fintech, and e-government organizations with 50–500 employees.

Questions

What identity providers do you support?
Azure AD (Entra ID), Okta, Google Workspace, LDAP/Active Directory, and custom REST API sources.
Do I need Keycloak already running?
Yes. I specialize in the sync layer, not Keycloak installation. You need a working Keycloak instance.
What if I need changes after delivery?
14 days of support are included. For ongoing changes, the Managed tier ($700/mo) covers that.
Why not just use the built-in LDAP federation?
It works for simple, single-source, read-only scenarios. Once you need more, it breaks down.
What Keycloak versions do you support?
Keycloak 20+ (Quarkus-based).

Stop debugging federation.
Ship working sync.

15-minute architecture call. No pitch. I'll sketch out how I'd approach your setup.

Book Architecture Call →

Or email directly: jacob@keycloaksync.dev