Has anyone used OOD with KeyCloak to set up 2FA to AD + Radius

We have OOD deployed.
Currently our authentication and authorization is Active Directory based.
We are looking to integrate with Keycloak and are looking to see if anyone has gone down the road of using OOD with keycloak, where active directory is the authoritative source of data for user identities.

I think you can setup AD user federation similar to how the ldap keycloak user guide states but select AD as the vendor curing the config process instead of other that uses openLDAP.


Thanks. I’m going to pull the tech folks in on the discussion (I’m the PM). I am hoping to get the team lined up to talk with someone who has direct experience doing it which could help us over the initial hump in terms of understanding the complexity and share what worked best for them and what they had problems with.

We’ve got security and AD knowledgeable people on the team, but have never directly worked with keycloak.

I’m brand new to the forum so I welcome any flames or pointers if I’m not following protocols.


Hi Mike,

Keycloak can be a bit fickle so my scars are many and deep. I can’t speak for the OSC folks but I bet they feel the same. Federating with AD should be rather straight forward. Implementing OpenID connect and authentication flows is where I usually see the most friction.