Skip to content


This page explains how to manage access to API Portals with IdPs.


An identity provider (IdP) is a centralized system or service responsible for verifying users’ identities and providing access to various applications, services, or resources within an organization's network or across the internet. It authenticates users through multiple methods, such as usernames and passwords, multi-factor authentication, or single sign-on (SSO).

You can use Traefik Hub to manage your users and groups (internal IdP), or you can use Keycloak (external IdP) for Single Sign-On (SSO) or as an identity broker.


All user management is done through the internal IdP.

Traefik Hub will manage all users, groups, and tokens. This is the default configuration.


Traefik Hub uses Keycloak to integrate with popular authentication providers (external IdPs).

Keycloak is an open-source identity and access management solution that provides authentication, authorization, and single sign-on capabilities for applications and services.

You can use Keycloak as an IdP or as an identity broker with other OpenID providers or social logins such as Google, GitHub, and other social networks.

What's next