Keycloak realms separation

55 views Asked by At

Background

I need to use Keycloak as IdP server for user authentication and authorization. In my application there are two types of users: customers and admins.

Customers may use our public web app (Node JS) for registering / login in order to make purchases later.

Admins use separate private web app (React) for login and application management. Admins cannot register on their own, they are added by other admins.

Question

The question is: should I use one realm for both types of users (in this case I could use different clients for authentication and role management) or would it be better to separate them into two realms?

PS

My concerns are related to the fact that user credentials are associated with only one realm and both user types may have different authorization flows.
0

There are 0 answers