My company is building a few related applications and we recently began looking into using Keycloak for IAM. We are finishing up our MVPs, but one feature we always planned to integrate is a unified login across these related applications (i.e. a user can use the same credentials to log in to each application). Apart from this, we also have the following requirements:
- All new users create an organization upon registering and become the sole user of that organization.
- A user can be invited to one or more organizations.
- A user can have the same or completely different role/permissions across each organization they join.
- The user's array of organizations can be different across each application.
We know we can use Keycloak for the multi-org functionality, but is it also possible to achieve our other requirements using Keycloak? If yes, how could we achieve this?
We've looked into creating a single realm with multiple organizations and using the PhaseTwo library but we can't figure out if this would support unified login.