From my understanding Realms allow Keycloak itself to be Multi Tenant, completely isolated Tenants.

Date: Wed, 14 Oct 2015 11:35:38 -0400 From: Bill Burke <bburke(a)redhat.com&gt; Subject: Re: [keycloak-user] Keycloak to set up Teams and Organizations To: keycloak-user(a)lists.jboss.org Message-ID: <561E764A.4030706(a)redhat.com&gt; Content-Type: text/plain; charset=windows-1252; format=flowed That's just not how keycloak was designed. Realms contain users, applications/clients, roles, groups etc. Realms were meant to be completely isolated from one another. On 10/14/2015 10:53 AM, Tim Dudgeon wrote: > The use case for me is to use multiple realms for authentication (e.g. > one realm for each organisation) that can access a single application > using a common set of roles. > Its sort of discussed from a different perspective on the apiman list here: > http://lists.jboss.org/pipermail/apiman-user/2015-October/000361.html > > Tim > > On 14/10/2015 15:34, Bill Burke wrote: >> No, we are not creatin "global" groups and roles. use case please?. >> We're trying to keep realms isolated from one another. >> >> On 10/14/2015 7:29 AM, Tim Dudgeon wrote: >>> The scope of this is presumably groups within an individual realm? >>> Is there any possibility for "global" groups and roles that can span >>> multiple realms? >>> >>> Tim >>> >>> On 13/10/2015 17:18, Bill Burke wrote: >>>> You just want something like github groups? List your requirements.