On Wed, Oct 21, 2015 at 6:43 PM, Bill Burke <bburke@redhat.com> wrote:

We originally took this route with Keycloak. The idea that Keycloak
could be a SAAS...But we decided that the best way to deploy Keycloak in
the cloud would be to create a cloud instance of Keycloak per
organization. In Red Hat OpenShift terms: Keycloak would be a
cartridge and the organization could opt to install it within their
cloud account.

The reason for this is to isolate one paying customer from a different
one. You probably don't want them sharing database instances, IP
addresses, etc.

If that is not possible, we can discuss other possibilities. Right now
though Realm is a completely isolated unit. Users belong to one realm
and one realm only.

I think you have the best of both worlds, ie. you can create multiple realms with a single Keycloak install to manage multiple customers, or you could install Keycloak for each customer separately as you describe above.

Now we app developers just need to figure out the best way to handle this on our side :-)

Best regards,

Thomas