Merged
Expand Up @@ -4,18 +4,44 @@ title: 'Authentication and Identity Management'

# Authentication and Identity Management

OpenCloud employs a dual-track authentication strategy:
OpenCloud offers two ways to handle user authentication:

1. **Built-in IDP (Identity Provider)**:
- Based on LibreGraph Connect (lico)
- Based on LibreGraph Connect (Lico)
- Targeted at smaller installations (up to 500 users)
- Designed for standalone or small deployments

2. **External Identity Providers**:
2. **External IDP**:
- Keycloak as the recommended OIDC provider for larger installations
- Support for Azure AD, EntraID, ADFS through Keycloak
- Enterprise-focused solution

## Your Use Cases

### Choose Lico if you need

- A simple, lightweight and minimal OpenID Connect Provider
- Small to medium deployments
- Minimal resource footprint
- Quick setup with basic features
- Ideal for development environment
- No Multifactor Authentication (MFA) and migration path to other IDPs

### Choose Keycloak if you need

- Enterprise-grade IAM solution
- Complex authorization requirements
- Multifactor Authentication
- Advanced user federation
- Fine-grained permissions
- Multiple authentication methods
- Large-scale deployments
- Commercial support options

### Bottom Line

Keycloak is a comprehensive, enterprise-ready IAM platform with extensive features including SSO, user federation, and support for multiple protocols like OpenID Connect, OAuth 2.0, and SAML, while Lico is a lightweight OpenID Connect provider with integrated web login and consent forms, designed as a simpler alternative for smaller installations. Keycloak offers more features but requires more resources and expertise, while Lico provides a minimalist approach suitable for basic authentication needs.

## Authentication with Keycloak

For production environments, we recommend using Keycloak with LDAP integration. This setup provides a robust authentication system that can scale to enterprise needs.
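Review bot: The bullet "No Multifactor Authentication (MFA) and migration path to other IDPs" sits under "Choose Lico if you need", so the absence of MFA reads as a requirement a reader might pick rather than as a limitation, and it is unclear whether the "No" also negates "migration path to other IDPs". Since missing MFA is the security-relevant difference between the two options, consider moving it out of the chooser list into its own limitations line and stating the migration-path point as a separate, unambiguous sentence. Two smaller consistency points in the same hunk: "Small to medium deployments" does not match "smaller installations (up to 500 users)" and "standalone or small deployments" a few lines earlier, and "Azure AD, EntraID" lists the same Microsoft service under its old and new name.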