One of the recommendations from Keycloak, is to limit the access to the master realm, or use the system without it. However, before we do so, you must first ensure that your other realms has an administrator that can manage it. After which, we can safely disable the Master realm and manage our secondary realms using their respective administrative accounts. To do this, we should first login to the master

TL;DR : Using keycloak as an IDM or LDAP Domain Aggregator Download the APS Identity Sync Extension: https://github.com/alex4u2nv/aps-ais-authority-sync/releases/download/v1.0.0/aps-identity-sync-java-1.0.0-jar-with-dependencies.jar Configure APS to Integrate with Keycloak as in the example activiti-identity-service.properties Configure Keycloak to integrate with multiple LDAP domains via User Federation service. Authenticate into APS using users that were synchronized. If Keycloak authentication is enabled, then authenticate through keycloak If other authentication methods bounded to same user ids (email address) then use