From 379d2972cbd240204c9d8a4d0613cdb591e8873a Mon Sep 17 00:00:00 2001 From: Thomas Schweiger Date: Tue, 30 Sep 2025 10:28:20 +0200 Subject: [PATCH 1/3] fix: Lico still promoted as production ready solution #471 --- .../index.md | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/docs/admin/configuration/authentication-and-user-management/index.md b/docs/admin/configuration/authentication-and-user-management/index.md index 5aa4d250..d48ae1ae 100644 --- a/docs/admin/configuration/authentication-and-user-management/index.md +++ b/docs/admin/configuration/authentication-and-user-management/index.md 
@@ -7,15 +7,41 @@ title: 'Authentication and Identity Management' OpenCloud employs a dual-track authentication strategy: 1. **Built-in IDP (Identity Provider)**: - - Based on LibreGraph Connect (lico) + - Based on LibreGraph Connect (Lico) - Targeted at smaller installations (up to 500 users) - Designed for standalone or small deployments -2. **External Identity Providers**: +2. **External IDP**: - Keycloak as the recommended OIDC provider for larger installations - Support for Azure AD, EntraID, ADFS through Keycloak - Enterprise-focused solution +## Your Use Cases + +### Choose Lico if you need: +- Simple OpenID Connect provider +- Lightweight, fast solution +- Small to medium deployments +- Integration with ownCloud/LibreGraph ecosystem +- Minimal resource footprint +- Quick setup with basic features +- Go-based microservice architecture + +### Choose Keycloak if you need: +- Enterprise-grade IAM solution +- SAML 2.0 support +- Complex authorization requirements +- Multifactor Authentication (MFA) +- Advanced user federation +- Fine-grained permissions +- Multiple authentication methods +- Large-scale deployments +- Commercial support options + +### Bottom Line + +Keycloak is a comprehensive, enterprise-ready IAM platform with extensive features including SSO, user federation, and support for multiple protocols like OpenID Connect, OAuth 2.0, and SAML, while Lico is a lightweight OpenID Connect provider with integrated web login and consent forms, designed as a simpler alternative for smaller installations. Keycloak offers more features but requires more resources and expertise, while Lico provides a minimalist approach suitable for basic authentication needs. + ## Authentication with Keycloak For production environments, we recommend using Keycloak with LDAP integration. This setup provides a robust authentication system that can scale to enterprise needs. From 082bb8a30f57b2377857a6c97f975e0517082dbd Mon Sep 17 00:00:00 2001 
From: Thomas Schweiger Date: Wed, 1 Oct 2025 12:35:53 +0200 Subject: [PATCH 2/3] fix: review round #1 --- .../authentication-and-user-management/index.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/admin/configuration/authentication-and-user-management/index.md b/docs/admin/configuration/authentication-and-user-management/index.md index d48ae1ae..8dcb27fa 100644 --- a/docs/admin/configuration/authentication-and-user-management/index.md +++ b/docs/admin/configuration/authentication-and-user-management/index.md @@ -4,7 +4,7 @@ title: 'Authentication and Identity Management' # Authentication and Identity Management -OpenCloud employs a dual-track authentication strategy: +OpenCloud offers two ways to handle user authentication: 1. **Built-in IDP (Identity Provider)**: - Based on LibreGraph Connect (Lico) @@ -19,19 +19,17 @@ OpenCloud employs a dual-track authentication strategy: ## Your Use Cases ### Choose Lico if you need: -- Simple OpenID Connect provider -- Lightweight, fast solution +- A simple, lightweight and minimal OpenID Connect Provider - Small to medium deployments -- Integration with ownCloud/LibreGraph ecosystem - Minimal resource footprint - Quick setup with basic features -- Go-based microservice architecture +- Ideal for development environment +- No Multifactor Authentication (MFA) and migration path to other IDPs ### Choose Keycloak if you need: - Enterprise-grade IAM solution -- SAML 2.0 support - Complex authorization requirements -- Multifactor Authentication (MFA) +- Multifactor Authentication - Advanced user federation - Fine-grained permissions - Multiple authentication methods From 58918641237f1956b1758a5dd9003e7899dfe1fa Mon Sep 17 00:00:00 2001 From: Thomas Schweiger Date: Fri, 10 Oct 2025 22:08:18 +0200 Subject: [PATCH 3/3] fix: make lint happy --- .../authentication-and-user-management/index.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/docs/admin/configuration/authentication-and-user-management/index.md b/docs/admin/configuration/authentication-and-user-management/index.md index 8dcb27fa..9944e0cb 100644 --- a/docs/admin/configuration/authentication-and-user-management/index.md +++ b/docs/admin/configuration/authentication-and-user-management/index.md @@ -18,7 +18,8 @@ OpenCloud offers two ways to handle user authentication: ## Your Use Cases -### Choose Lico if you need: +### Choose Lico if you need + - A simple, lightweight and minimal OpenID Connect Provider - Small to medium deployments - Minimal resource footprint @@ -26,7 +27,8 @@ OpenCloud offers two ways to handle user authentication: - Ideal for development environment - No Multifactor Authentication (MFA) and migration path to other IDPs -### Choose Keycloak if you need: +### Choose Keycloak if you need + - Enterprise-grade IAM solution - Complex authorization requirements - Multifactor Authentication
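Review bot: In PATCH 1/3 (hunk `@@ -7,15 +7,41 @@`), the added bullet "Small to medium deployments" under "Choose Lico if you need:" contradicts the unchanged bullet "Targeted at smaller installations (up to 500 users)" a few lines above it. Nothing in the new section says outright that Lico is not the recommended choice for production, which is what the subject line (#471) sets out to fix. Suggest aligning the bullet with the 500-user figure and adding one plain sentence to "Bottom Line" that points production setups to Keycloak, matching the context line "For production environments, we recommend using Keycloak with LDAP integration." The "Bottom Line" paragraph is also one very long sentence followed by a second that repeats it; one sentence per product would read better.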
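Review bot: In PATCH 2/3 (hunk `@@ -19,19 +19,17 @@`), the added bullet "No Multifactor Authentication (MFA) and migration path to other IDPs" sits under "Choose Lico if you need:", so it reads as a requirement rather than a limitation, and it is unclear whether the migration path exists or is missing. The absence of MFA is a security-relevant constraint that should be easy to spot when picking an IDP, so suggest moving it into a separate limitations list and splitting it into two bullets, each stating its own meaning unambiguously. "Ideal for development environment" likewise does not complete the heading. This hunk also drops "SAML 2.0 support" from the Keycloak list, while the "Bottom Line" paragraph added in PATCH 1/3 still names SAML and is not touched by any visible hunk; the two should be reconciled.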
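Review bot: In PATCH 3/3 (hunks `@@ -18,7 +18,8 @@` and `@@ -26,7 +27,8 @@`), dropping the trailing colon leaves the headings "Choose Lico if you need" and "Choose Keycloak if you need" as unfinished clauses that rely on the list below to complete them. Suggest self-contained headings such as "When to choose Lico" and "When to choose Keycloak", which carry no trailing punctuation either and also fit bullets like "Ideal for development environment" that do not continue the sentence. The commit message could name the lint rule being satisfied so the reason for the blank lines and the removed colons is on record.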