Keycloak passkeys and MFA

Integrate passkeys and MFA with Keycloak.

Seamless and secure authentication in weeks (not months) with Authsignal’s no-code rules engine, pre-built UI, and SDKs.

View docsStart integrating
Delivering world-class results for:
First credit union logo
DKV logo
Simplicity logo
Hnry logo
Air New Zealand logo
Trademe logo
First credit union logo
DKV logo
Simplicity logo
Hnry logo
Air New Zealand logo
Trademe logo
AWS Cognito provides standard login authentication capabilities within the AWS ecosystem
Basic login Authentication

Secure your login, with basic MFA and Passkeys, with minimal engineering lift.

AWS-Native Development

Integration with AWS services like Lambda, API Gateway, and DynamoDB.

Simplified Compliance

Leverage AWS’s existing security certifications with minimal customization.

Development Prototypes

Quick authentication setup for internal tools or proof-of-concept applications

For advanced authentication needs, Authsignal augments Cognito with enterprise-grade features while preserving your AWS infrastructure.
AWS Cognito vs. Authsignal + AWS Cognito
AWS Cognito Passkeys
Passkey support on managed login
Passkey Support
MFA Options
Authsignal + AWS Cognito
Embedded passkeys anywhere in your app, implemented via hosted UI or SDKs for web and native mobile apps
TOTP, SMS, email OTP
+ Push, WhatsApp, biometrics, magic links
Adaptive Authentication
Basic risk scoring
Visual no-code rules and policy engine, deploy in seconds
Customization & UX
Basic UI customization
Fully brandable, pre-built UI components and SDKs
Implementation
Requires complex implementation and WebAuthn protocol handling when not using managed login
No-code/low-code, rapidly deploy with pre-built UI and SDKs
Passkey Support
AWS Cognito

Passkey support on hosted login page

AWS Cognito + Authsignal

Full passkey support, drop-in anywhere
+
SDKs for native mobile apps

MFA Options
AWS Cognito

TOTP, SMS, email OTP

AWS Cognito + Authsignal

+ Push, WhatsApp, biometrics, magic links

Adaptive Authentication
AWS Cognito

Basic risk scoring

AWS Cognito + Authsignal

Visual no-code rules and policy engine, deploy in seconds

Customization & UX
AWS Cognito

Basic UI customization

AWS Cognito + Authsignal

Fully brandable, pre-built UI components and SDKs

Implementation
AWS Cognito

Requires manual setup and WebAuthn protocal handling

AWS Cognito + Authsignal

No-code/low-code, deploy in weeks with pre-built UI and SDKs

Choose your option
AWS Cognito
AWS Cognito

Stick with plain AWS Cognito if you just need basic passkey support and have AWS experts who can build custom workflows.

AWS Cognito + Authsignal
Authsignal + AWS Cognito

Use Authsignal with AWS Cognito when you need adaptive security, flexible passkey + MFA flow and faster time-to-market  - without needing AWS engineering experts.

Start now
Read the docs

Fastest way to integrate MFA and passkeys with Keycloak.

Achieve best-in-class user experience
Optimize login speed. Up to 4X
Phishing resistant authentication
Rebuilding trust and authentication in-house can be daunting.

The cost, complexity, and time required to maintain these processes shouldn’t hold your business back.

Our proven Keycloak integration lets you deploy best practices quickly and confidently.
Authsignal empowers thousands of users to authenticate seamlessly with passkeys and MFA—integrated directly with Keycloak.
Stay focused on what you do best. Trust Authsignal for authentication.

Drop in Authsignal to enable passkeys and MFA in weeks not months. Leverage our visual rules and policies builder to secure user journeys effortlessly. Deliver trusted, secure experiences—fast.

3 ways to implement passkeys and MFA within Keycloak

Pre-built UI
Most guardrails
Fast deployment
Customizable, brand-ready UI
Implement passkeys and MFA with Authsignal's pre-built UI.

Get started for free with up to 2000 monthly active users.

Learn more
UI components
Best for embedding in existing apps
Pre-designed adaptable elements
Implement passkeys and MFA with Authsignal's UI components.

Get started for free with up to 2000 monthly active users.

Learn more
Custom UI
Most flexible
Best for fully tailored user experiences
Fully customizable authentication
Implement passkeys and MFA with Authsignal's custom UI.

Get started for free with up to 2000 monthly active users.

Learn more

Most guardrails

Most flexibility

Faster to implement

More time required

Partnering with Authsignal is simple and powerful

Start today, no cost

Create a free account for full access and begin integrating immediately.

Start integrating

Quick & easy integration

Follow our step-by-step guides to get up and running without friction.

Explore docs

Expert support anytime

Access our exclusive private Slack channel for tailored advice and real-time support from our team.

Support

Flexible pricing options

Plans start at just $349 per month, or connect with sales for enterprise solutions tailored to your needs.

Explore pricing

FAQs

Why choose Authsignal to integrate passkeys with Keycloak?

  1. Deploy passkeys and MFA in days instead of months.
  2. Enjoy flexible integration options, including pre-built UX/UI or headless setups.
  3. Leverage a visual no-code rules engine to create custom rules and policies effortlessly.
  4. Access real-time developer support, comprehensive documentation, and integration guides.

How do I get started with integrating Authsignal and Keycloak?

Getting started is straightforward:

  1. Sign up for an Authsignal account.
  2. Configure Authsignal’s API keys in your Keycloak instance.
  3. Use our step-by-step documentation to enable passkey authentication and MFA flows. For a full walkthrough, check out our Keycloak integration guides.

What programming languages or SDKs are supported for integration?

Authsignal offers SDKs for popular languages, including Java, JavaScript, Python, and more, ensuring smooth compatibility with Keycloak’s architecture. Read the docs here.

What does it cost to Integrate with Authsignal?

Integrating with Authsignal is completely free. You can create an account here. Authsignal also offers paid plans with additional features—learn more about our plans and pricing here.

Which MFA methods does Authsignal support and enhance?

In addition to passkeys, Authsignal supports a range of authentication factors, including Multi-Factor Authentication (MFA) methods such as SMS, email, TOTP, and push notifications. This ensures flexibility and security for various use cases and user preferences.

Resources and guides

arrow right
arrow right
arrow right
Add passkeys & MFA in Keycloak with Authsignal.
Talk to an expert

You might also like

How to actually stop credential stuffing in 2025
October 21, 2025
Credential stuffing attacks are evolving fast, are your defenses keeping up? Discover how adaptive MFA, behavioral biometrics, and passkeys can stop attacks in 2025. Learn what actually works today.
Credential-stuffing
Multi-factor authentication
Passkeys
Push authentication
Open link
Looking for a Passage alternative? Why teams are migrating to Authsignal
October 17, 2025
Passage by 1Password is shutting down in January 2026. Learn how to migrate to Authsignal, a future-ready authentication platform with passkeys, adaptive MFA, and no-code orchestration for modern identity security.
Passkeys
Multi-factor authentication
Open link
Authsignal Partners with ServiceNow to Launch Native Passkey Authentication to Contact Center Workflows
October 7, 2025
Authsignal’s ServiceNow integration brings passkey, push, WhatsApp OTP, and biometric authentication to Contact Center workflows, enabling secure inbound and outbound caller verification directly within the ServiceNow platform.
Partnerships
Call center authentication
Passkeys
Multi-factor authentication
Open link
First Credit Union & Authsignal | A Passkey Deployment Case Study
October 2, 2025
Read how First Credit Union and Authsignal partnered to optimize user experience and security with FIDO2 passkeys for their banking customers. A practical case study for product managers planning to deploy phishing-resistant passkeys.
Case Study
FIDO2
Passkeys
Passkeys implementation
Open link
How Authsignal’s passkey uplift flow solves the password problem
September 12, 2025
Passwords are broken, but passkeys offer a secure, phishing-resistant future. See how Authsignal's passkey uplift flow helps apps drive adoption, reduce friction, and guide users toward a passwordless experience.
Passkeys
Step up authentication
Passkey uplift flows
Open link
What issuing and verifying millions of passkeys has taught us at Authsignal
August 13, 2025
Discover key lessons from issuing and verifying millions of passkeys at Authsignal. Explore adoption trends, real-world enterprise results, and why the passwordless future is arriving faster than expected.
Passkeys
Authsignal
Passwordless authentication
Analysis
Open link
Duende Identity Server + Authsignal

Supercharge Duende IdentityServer with Authsignal to unlock advanced authentication

Unlock enterprise-grade authentication by integrating Authsignal with Duende IdentityServer. Go passwordless, deploy passkeys, biometrics authentication, WhatsApp OTP, and step-up or risk-based authentication - without adding engineering complexity. Manage policies effortlessly with a no-code rules engine.

View documentationStart integrating
Delivering world-class results for:
First credit union logo
DKV logo
Simplicity logo
Hnry logo
Air New Zealand logo
Trademe logo
First credit union logo
DKV logo
Simplicity logo
Hnry logo
Air New Zealand logo
Trademe logo
AuthSignal's icon
Authsignal benefits
A speed icon
Optimize login speed: Up to 4X faster
A shield icon
Phishing resistant authentication
A multi-screens icon
Deploy passkeys and MFA in days instead of months

Duende IdentityServer is powerful, but incomplete

You chose Duende Identity Server for good reasons: standards compliance, complete control, and flexible deployment. But when your security requirements grow beyond basic authentication, you face a choice:

Build it yourself

Months of development, ongoing maintenance

Or

Enhance your flows with Authsignal

Days to deploy, enterprise features included

Fastest way to integrate MFA and passkeys with Duende IdentityServer

Instead of replacing your investment, Authsignal seamlessly integrates to fill the gaps, giving you enterprise authentication without the enterprise development effort.

Here's how they work together seamlessly:

Duende IdentityServer handles:

Your core authentication infrastructure with full control over protocols, tokens, and business logic.

Authsignal enhances:

The login flow by integrating directly after credential validation, adding enterprise-grade MFA and passkey capabilities through simple API calls.

Your existing flow

User enters credentials
Duende validates
Tokens are issued

Enhanced flow with Authsignal

User enters credentials
Duende validates
Authsignal MFA / Passkeys
Tokens are issued

What Authsignal unlocks

Features
Duende Identity Server
Authsignal + Duende IdentityServer
Passkeys for login
Requires third-party component
Embed passkeys into your app’s workflow
Basic multi-factor authentication (MFA)
TOTP via ASP.NET identity
Advanced multi-factor authentication (MFA)
Biometric authentication
Palm biometrics
Customisable and pre-built login screen with visual indicator
Requires custom development
Customisable authentication screens with visual editor
Fraud detection
Adaptive authentication
Visual policy builder (no-code rule management)

Authsignal provides a powerful suite of authenticators to meet diverse use cases.

WhatsApp OTP
Reduce SMS cost by up to 90%.
Passkeys
Eliminate passwords with phishing-resistant authentication.
Identity verification
Verify users' identities with government IDs, biometrics, or data checks.
Biometric Authentication
Reduce friction with authenticating.
Push Notifications
Send authentication links for one-tap login.
Adaptive authentication
Challenge high-risk logins while keeping trusted users frictionless.
SMS OTP
Deliver time-sensitive one-time passcodes via SMS.
Email OTP
Deliver time-sensitive one-time passcodes via email.
Authenticator apps
Secure offline MFA with time-based codes from Google Authenticator, and more.
WhatsApp OTP
Reduce SMS cost by up to 90%.
Passkeys
Eliminate passwords with phishing-resistant authentication.
Identity verification
Verify users' identities with government IDs, biometrics, or data checks.
Biometric Authentication
Reduce friction with authenticating.
Push Notifications
Send authentication links for one-tap login.
Adaptive authentication
Challenge high-risk logins while keeping trusted users frictionless.
SMS OTP
Deliver time-sensitive one-time passcodes via SMS.
Email OTP
Deliver time-sensitive one-time passcodes via email.
Authenticator apps
Secure offline MFA with time-based codes from Google Authenticator, and more.

Partnering with Authsignal is simple and powerful

Start today, no barriers

Create a free account for full access and begin integrating immediately.

Start integrating

Integration made easy

Follow our step-by-step guides to get up and running without friction.

Explore docs

Expert support anytime

Access our exclusive private Slack channel for tailored advice and real-time support from our team.

Support

Flexible pricing options

Plans start at just $99 per month, or connect with sales for enterprise solutions tailored to your needs.

Explore pricing

FAQs

Why choose Authsignal to integrate passkeys with Keycloak?
  1. Deploy passkeys and MFA in days instead of months.
  2. Enjoy flexible integration options, including pre-built UX/UI or headless setups.
  3. Leverage a visual no-code rules engine to create custom rules and policies effortlessly.
  4. Access real-time developer support, comprehensive documentation, and integration guides.
How do I get started with integrating Authsignal and Keycloak?

Getting started is straightforward:

  1. Sign up for an Authsignal account.
  2. Configure Authsignal’s API keys in your Keycloak instance.
  3. Use our step-by-step documentation to enable passkey authentication and MFA flows. For a full walkthrough, check out our Keycloak integration guides.
What programming languages or SDKs are supported for integration?

Authsignal offers SDKs for popular languages, including Java, JavaScript, Python, and more, ensuring smooth compatibility with Keycloak’s architecture. Read the docs here.

What does it cost to Integrate with Authsignal?

Integrating with Authsignal is completely free. You can create an account here. Authsignal also offers paid plans with additional features—learn more about our plans and pricing here.

Which MFA methods does Authsignal support and enhance?

In addition to passkeys, Authsignal supports a range of authentication factors, including Multi-Factor Authentication (MFA) methods such as SMS, email, TOTP, and push notifications. This ensures flexibility and security for various use cases and user preferences.

Authsignal delivers passwordless and multi-factor authentication as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.

AICPA SOCFido Certified
LinkedInTwitter
Passwordless / multi-factor authentication (MFA)
Pre-built UI (low code)UI components (customizable)Custom UI (flexible)
Why Authsignal?
Drop-in authentication
Risk-based authentication PasskeysBiometric authenticationWhatsApp OTPSMS OTPEmail OTPMagic linksAuthenticator apps (TOTP)Push authenticationPalm biometrics
Rules and policies engine
User observability
Industries
Financial services
Marketplace
e-Commerce
FinTech
Crypto
View all industries
Teams
Engineers
Use cases
Account takeovers (ATO)
Go passwordless
Call center
SMS cost optimization
Existing apps
View all use cases
Identity providers (IDPs)
Amazon Cognito
Auth0
Azure AD B2C
Custom identity provider
Duende IdentityServer
Keycloak
NextAuth.js
Integrations
ASP.NET
C#
Java
Node.js
Open ID Connect (OIDC)
PHP
Python
React
Ruby
Ruby on Rails
Compare
Twilio Verify vs AuthsignalAuth0 vs AuthsignalAWS Cognito vs Authsignal + AWS Cognito
Resources
BlogDeveloper docsFree Figma mobile passkeys templateFree Figma desktop passkeys templateFree Figma webapp passkeys template
Company
About usWhy AuthsignalCareersPress releasesContact us
What is
Passwordless Authentication
What is MFA (Multi-Factor Authentication)?
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2025 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies