aniketj.dev
Cloud

Enterprise Identity Platform Migration

Keycloak v16 to v22 on Azure

Challenge

The existing Keycloak v16 deployment was running on legacy infrastructure without container support, modern security features, or proper observability. A zero-downtime migration was critical as the identity platform served all production applications.

Approach

Planned a phased migration strategy — containerizing Keycloak v22 on Azure App Service (Linux), migrating the MSSQL backend, integrating Application Insights for observability, and automating the entire infrastructure with Bicep for reproducibility.

Architecture

Keycloak v22 runs as a containerized application on Azure App Service (Linux) with a dedicated MSSQL backend. Application Insights provides telemetry and performance monitoring. The entire stack is defined as Bicep templates — App Service, Key Vault for secrets, container registry, and networking configuration.
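A sketch of how the App Service and Key Vault parts of such a stack can fit together, so the database password never appears in an app setting. This is an added example, not the project's own templates. Every parameter name, the image tag `keycloak:22.0`, the secret name `keycloak-db-password` and the database name are assumptions, as is a vault that uses Azure RBAC and an image that starts the server by itself.

```bicep
// Added example: all names, the image tag and the secret name are assumptions.
param appName string         // hypothetical App Service name
param planId string          // resource ID of an existing Linux App Service plan
param acrLoginServer string  // login server of the container registry
param keyVaultName string    // existing Key Vault (RBAC mode) holding the DB password
param dbHost string          // MSSQL server FQDN
param dbUser string
param publicHostname string  // hostname clients use to reach Keycloak

resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

resource app 'Microsoft.Web/sites@2022-09-01' = {
  name: appName
  location: resourceGroup().location
  kind: 'app,linux,container'
  identity: { type: 'SystemAssigned' }   // identity used for Key Vault and registry access
  properties: {
    serverFarmId: planId
    httpsOnly: true
    siteConfig: {
      linuxFxVersion: 'DOCKER|${acrLoginServer}/keycloak:22.0'
      acrUseManagedIdentityCreds: true   // pull with the identity, no registry password
      minTlsVersion: '1.2'
      appSettings: [
        { name: 'WEBSITES_PORT', value: '8080' }
        { name: 'KC_DB', value: 'mssql' }
        { name: 'KC_DB_URL', value: 'jdbc:sqlserver://${dbHost}:1433;databaseName=keycloak;encrypt=true' }
        { name: 'KC_DB_USERNAME', value: dbUser }
        { name: 'KC_DB_PASSWORD', value: '@Microsoft.KeyVault(VaultName=${keyVaultName};SecretName=keycloak-db-password)' }
        { name: 'KC_HOSTNAME', value: publicHostname }
        { name: 'KC_PROXY', value: 'edge' }  // TLS terminates at the App Service front end
      ]
    }
  }
}

// Built-in "Key Vault Secrets User" role: read secret values only
var secretsUserRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')

resource kvRead 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: kv
  name: guid(kv.id, app.id, secretsUserRoleId)
  properties: {
    roleDefinitionId: secretsUserRoleId
    principalId: app.identity.principalId
    principalType: 'ServicePrincipal'
  }
}
```

The same managed identity also needs the AcrPull role on the registry before the container can start; that assignment is left out here to keep the example short.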

Outcomes

  • Migrated from Keycloak v16 to v22 with zero downtime
  • Containerized deployment on Azure App Service for easier scaling and updates
  • Full observability via Application Insights integration
  • Infrastructure-as-Code via Bicep for reproducible deployments

Tech Stack

Keycloak, Azure App Service, Docker, MSSQL, Application Insights, Bicep, Key Vault