Keycloak Assessment
Tech questions:
- What is your current AuthE strategy?
- How do you authenticate users?
- What is your current AuthZ strategy?
- Is RBAC in place?
- Which IAM solutions are in place?
- How many IDPs?
- How many SPs?
- How many realms?
- How do you deploy your infrastructure?
- Are you using Kubernetes?
- Are you using Docker?
- Is your infrastrucutre cloud native?
- How do you enfoce policies?
- Are you using OPA?
- What is your technology stack?
- What type of token do your applications consume?
- Wich auth protocol is used (OpenID Connecct, SAML)?
- Do your authenticate on a proxy level?
- Do you depend on a vendor for auth solutions?
- Are you using AWS IAM?
Organizational questios:
- How many users use your auth services?
- How much time is put into managing permissions and security?