TL;DR : Using keycloak as an IDM or LDAP Domain Aggregator Download the APS Identity Sync Extension: https://github.com/alex4u2nv/aps-ais-authority-sync/releases/download/v1.0.0/aps-identity-sync-java-1.0.0-jar-with-dependencies.jar Configure APS to Integrate with Keycloak as in the example activiti-identity-service.properties Configure Keycloak to integrate with multiple LDAP domains via User Federation service. Authenticate into APS using users that were synchronized. If Keycloak authentication is enabled, then authenticate through keycloak If other authentication methods bounded to same user ids (email address) then use