Welcome

Log in with WSO2 Identity Server or Keycloak to explore OIDC features side-by-side.

Get Started →
1✓ Available
WSO2 ISKeycloak

Login with email / password

Authenticate with WSO2 IS or Keycloak using a local account.

You are redirected to the IdP and returned with a valid OIDC session.
Try it →
2✓ Available
WSO2 ISKeycloak

Forgot password

Log out and go through the password recovery flow using the link on the login page.

You receive an email with a recovery link to set a new password.
Try it →
3✓ Available
WSO2 ISKeycloak

Invite & account activation

An admin invites a new user by email. The user receives a link to set their password.

A new user account is created in the IdP and an activation email arrives in MailHog (localhost:8025).
4✓ Available
WSO2 ISKeycloak

Manage login methods

Manage your authentication methods (password, social account, passkey) and set your preferred method via the self-service portal.

You can add, remove and adjust preferences for authentication methods.
5~ Partial
WSO2 ISKeycloak

Passkeys / FIDO2 / WebAuthn

Register a passkey or hardware security key and use it instead of a password.

You authenticate using Touch ID, Windows Hello, or a hardware key — no password required.
Keycloak passkey flow is documented. WSO2 FIDO2 end-to-end not yet verified.
6~ Partial
WSO2 ISKeycloak

Social login

Use Google as a federated identity provider.

After Google authentication, JIT provisioning creates a local account and you are redirected back.
Google only — Facebook and TikTok are not yet configured.
Try it →
7✓ Available
WSO2 ISKeycloak

See linked organisations after login

After authentication, your token contains all organisations you are a member of.

Your organisations are visible in the org switcher and in the token claims.
8✓ Available
WSO2 ISKeycloak

Switch organisation context

Switch your active organisation during a session without fully logging out.

A new OIDC authorisation flow runs with org_hint. Your token is updated with the new active_org.
9✓ Available
WSO2 ISKeycloak

User impersonation

A support agent temporarily acts as another user for debugging, checked by OpenFGA.

The agent obtains a token scoped to the target user's identity. Claims are displayed for inspection. WSO2 requires a browser redirect; Keycloak uses direct token exchange.