Integration

Passwordless & biometric authentication for Keycloak

Enable secure and seamless login to your applications with ProID for Keycloak. Our OIDC based integration replaces vulnerable TOTP codes with Biometric and Passwordless Authentication, ensuring only trusted users can access your critical systems.

Introduction

Securing authentication has never been more critical. Passwords and even traditional one-time codes (TOTP) are no longer sufficient – studies show that over 80% of data breaches involve weak or stolen credentials. TOTP, while widely used, is also vulnerable to phishing, malware, and redirection attacks, leaving organizations exposed.

ProID integrates with Keycloak via OIDC to provide Biometric and Passwordless Authentication. Instead of entering codes, users simply confirm access on their smartphone using fingerprint or facial recognition – making login both stronger and more user-friendly.

Common Security Risks:

  • Passwords are still the weakest link – Over 80% of data breaches involve weak or stolen credentials. Password-only login leaves applications and sensitive data wide open to attackers.
  • TOTP isn’t phishing-proof – Time-based one-time codes can be intercepted by malware or redirected in man-in-the-middle attacks. What should protect your users can still be bypassed, and it creates frustration with every login.
  • Compliance at risk – GDPR, ISO 27001, and NIS2 require strong identity verification. Relying only on passwords or TOTP puts your organization at risk of failing audits and exposing critical systems.

How ProID Solves Them:

  • Biometric MFA instead of TOTP – ProID replaces vulnerable one-time codes with fingerprint or Face ID confirmation in the ProID Mobile App. No codes to type, no risk of phishing or redirection.
  • Phishing-resistant login – Authentication requests are delivered as secure push notifications, ensuring only the rightful user can approve access.
  • Seamless OIDC integration – ProID connects directly to Keycloak via OIDC, so deployment is fast and does not disrupt existing workflows.
  • Compliance made simple – With strong identity verification, ProID helps organizations meet requirements of GDPR, ISO 27001, and NIS2, while reducing the burden of password policies.

How It Works with OIDC

OpenID Connect (OIDC) is a modern authentication protocol built on OAuth 2.0, enabling secure Single Sign-On across applications. In this setup, Keycloak acts as the Service Provider (the relying party, in OIDC terms) while ProID serves as the trusted Identity Provider (the OpenID Provider).

Users authenticate via the ProID Mobile App, confirming access with biometrics instead of passwords or TOTP codes. ProID then issues a signed OIDC response to Keycloak, which validates it and grants access.

This streamlined process delivers phishing-resistant, passwordless login with minimal friction for users.

ProID offers full integration of Multi-Factor Authentication (MFA) with Keycloak, providing secure access to applications and systems and ensuring that only authorized users can log in.

Why ProID for Keycloak?

ProID brings enterprise-grade security and user experience to your existing Keycloak environment. By extending Keycloak with Passwordless biometric login, organizations gain stronger protection, higher user adoption, and simplified compliance.

Key benefits:

  • Replaces weak TOTP codes with Passwordless biometrics – secure login via Face ID or Fingerprint.
  • Blocks phishing and credential stuffing – no passwords or codes to intercept.
  • Boosts user comfort and adoption – quick mobile confirmation instead of typing one-time codes.
  • Ensures compliance – meet security requirements of GDPR, ISO 27001, and NIS2.
