I think what you want is client credentials authentication using Mutual SSL. Your device can request a token without a human involved in the process and no need to have an existing user in the KC database, see https://www.keycloak.org/docs/6.0/server_admin/, Confidential Client Credentials section -----Original Message----- From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; On Behalf Of Amol Bagul Sent: Monday, October 7, 2019 9:14 AM To: keycloak-user(a)lists.jboss.org Subject: [keycloak-user] X-509 Client certificate thumbprint authentication Hi, I have millions of devices connected to keycloak server to acquire access token. I don't have all devices added as user in Keycloak. Can I have X-509 Client certificate authentication based on Client cert Thumbprint. How I can support this ? -Amol _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user