Frequently Asked Questions

Frequently Asked Questions

Find answers to common questions about Skycloak and managing your Keycloak instances.

General Questions

What is Skycloak?

Skycloak is a managed Keycloak service that handles the infrastructure and management of your Keycloak instances. We take care of hosting, updates, backups, and monitoring, allowing you to focus on implementing authentication and authorization in your applications.

How is Skycloak different from self-hosted Keycloak?

While Skycloak uses the same Keycloak software you can self-host, we provide:

  • Managed infrastructure and automatic updates
  • High availability and automatic scaling
  • Monitoring and alerting
  • Backup and disaster recovery
  • Professional support
  • Simple configuration interface

Which Keycloak versions does Skycloak support?

At the moment of writing, Skycloak supports Keycloak 18.0.1 and onwards (currently 26.0.5). We add the latest version as soon as it’s released. If a version is missing, please contact us. You may noticed that some patch or minor versions are missing, this is because we often keep the latest version of a major version. Moreover, if we notice a version has major issues (performance or security), we will remove it from our supported versions.

Pricing and Billing

How does Skycloak pricing work?

Our pricing is based on:

  • Number of active users
  • Number of Keycloak instances
  • Selected support tier
  • Additional features (e.g., custom domains)

What happens if I exceed my user limit?

WE DO NOT limit your user count. You can have as many users as you want.

Can I change plans at any time?

Yes, you can upgrade or downgrade your plan at any time. Changes are prorated to your billing cycle. Be aware that if you are using a medium or large cluster and you downgrade your plan, your cluster will be downgraded as well. Hence, be careful with your plan selection.

Technical Questions

How do I connect my application to Skycloak?

Connect using standard Keycloak integration methods:

// Example configuration
{
  "realm": "your-realm",
  "auth-server-url": "https://your-instance-identifier.app.skycloak.io",
  "resource": "your-client",
  "public-client": true,
  "verify-token-audience": true
}

Can I use custom domains?

Yes, on Startup and Growth plans:

  1. Reach out to us at [email protected]
  2. You will be require to provide your domain
  3. You will also be required to update your DNS records
  4. We handle SSL certificates for you

How do you handle backups?

We provide:

  • Automated daily backups for small and medium clusters
  • Point-in-time recovery for large clusters
  • 7-day backup retention for small and medium clusters
  • 30-day backup retention for large clusters

What is a realm?

A realm in Keycloak is a logical container for your users, applications, and security configurations. Think of it as a security boundary where:

  • Users are defined and managed
  • Applications (clients) are registered
  • Authentication policies are configured
  • User federation settings are managed
  • Groups and roles are defined

You can create multiple realms in your Keycloak cluster to separate different user bases or applications.

How do you handle multi-tenancy?

Unlike some providers who offer shared Keycloak clusters with one realm per customer, Skycloak provides each customer with their own dedicated Keycloak cluster. This means:

  • You get full control over your entire Keycloak cluster
  • No sharing of Keycloak resources with other customers
  • Complete freedom to create and manage realms as needed
  • Full isolation of your authentication infrastructure

For more details about our cluster offerings, checkout out Your first cluster.

Can I set up multiple environments (dev/staging/prod)?

Yes! For customers on Startup and Growth plans, each environment is represented by its own dedicated Keycloak cluster:

  • You get a separate cluster for each environment (development, staging, production)
  • Each environment’s cluster can be sized according to your needs
  • Environments are completely isolated from each other since they are separate clusters
  • You have full control over each cluster’s configuration

What are the characteristics of a created cluster?

Each Skycloak cluster has the following characteristics:

  • Complete isolation: Your cluster is not a tenant in a shared Keycloak instance - it’s a fully dedicated Keycloak cluster just for you
  • Admin console: The administration console is publicly accessible by default. To secure it, you have two options:
    • Growth plan: Includes firewall rules and VPN connectivity options
    • Security Firewall add-on: Available with Dev plan or higher to restrict admin access

Check out our Add-ons page for more security options (requires Dev plan or higher).

Security

How do you secure Keycloak instances?

Please visit our security page for more information.

What compliance standards do you meet?

Our service is compliant with:

  • SOC 2 Type I

We are working on getting the following by 2025 Q2:

  • SOC 2 Type II
  • GDPR
  • ISO 27001

How do you handle data privacy?

We follow strict data privacy practices:

  • Data encryption at rest and in transit
  • Data residency options
  • Regular security audits
  • Privacy-by-design principles

How do you handle disaster recovery?

We offer comprehensive disaster recovery solutions:

Basic Disaster Recovery (Included in all plans):

  • Point-in-time backups with near-zero RPO
  • Full backup and restore capabilities
  • Automated recovery procedures

Advanced Disaster Recovery (Available as add-on):

  • Warm standby in separate regions
  • Zero RPO (Recovery Point Objective)
  • 10-30 minute RTO (Recovery Time Objective)
  • Automated failover capabilities

For enhanced disaster recovery options, check out our Add-ons page.

For detailed information about our security and disaster recovery measures, visit our security page.

Performance and Reliability

What uptime do you guarantee?

Our SLA guarantees:

  • 99.95% uptime (Startup plan)
  • 99.995% uptime (Growth plan)
  • Discounts on failed uptime

Visit our SLA page for more information.

How do you handle scaling?

We apply automatic scaling to large clusters. Automatic scaling based on:

  • User load
  • Request volume
  • Resource utilization

Troubleshooting

Common Integration Issues

Token Validation Failures

Common causes:

  • Clock synchronization issues
  • Incorrect client configuration
  • Network connectivity problems

Connection Problems

Troubleshooting steps:

  1. Check network connectivity
  2. Verify DNS resolution
  3. Confirm firewall rules
  4. Review client configuration

Support

How do I get help?

If you have an account with use, you may open a ticket in the support portal for more information. Response and resolution times vary by plan. For more details, please visit our SLA page.

Where can I report issues?

Report issues through:

  • Dashboard support portal
  • Email [email protected]
  • Emergency channels (Growth plan and +)

Do you provide implementation support?

Yes, we offer:

  • Implementation guidance
  • Best practices consulting
  • Architecture review
  • Custom development