Keycloak 26.2 revises fine-grained admin permissions

The Keycloak team has released version 26.2 of the open-source software for identity and access management (IAM). It comes with several new features, including token exchange, admin permissions and use with the Grafana visualization platform.

Keycloak is an incubation project of the Cloud Native Computing Foundation (CNCF), which presented some new cloud-native features at its in-house exhibition KubeCon EU last week.

Standard Token Exchange

Keycloak 26.2 brings support for the Standard Token Exchange, which implements the OAuth 2.0 token exchange specification and has been in preview for some time. So far, however, its use has been limited to the exchange of internal tokens for internal tokens. The possibilities are to be expanded in future Keycloak releases. If you want to find out more about the change from legacy token exchange to the new procedure, you can find the relevant help in the Upgrading Guide.

Visualization with Grafana and more targeted admin control

In terms of observability, there are several instructions available on the Keycloak website, for example for monitoring user activities with event metrics or troubleshooting using metrics. A new guide called “Visualizing activities in a dashboard” has now been added there, which covers the display of metrics in Grafana dashboards in detail.

Another new feature concerns the handling of realms: In Keycloak, there are isolated areas (realms) that manage a set of users, credentials, roles, and groups. Keycloak 26.2 brings version 2 of the fine-grained admin permissions to provide increased flexibility and control over administrative access within realms. With this feature, the administration of realms can be delegated to other admins, the realm administrators, and restricted to a subset of realm resources – i.e., users, groups, clients, etc. – and their actions. – and their actions. Further information on these fine-grained authorizations can be found in the documentation.

Everything else about Keycloak 26.2 can be found in the blog entry on the release.

More on the topic: Mastering Observability 2025

Logs, metrics and traces are important, but ... only through observability is it possible to successfully assess, monitor and improve distributed systems. The online conference Mastering Observability on June 5, 2025 is the event for everyone who takes responsibility for ensuring that software systems work reliably in distributed environments and that applications are deployed securely and with high performance: Developers, Ops professionals, DevOps and platform teams.

Highlights from the program:

• Standardized observability with OpenTelemetry
• Think Big: Monitoring Stack was yesterday - Observability Platform at scale!
• Running Loki in AWS - insights and pitfalls
• 011y worst practices - A measured tier list
• Holistic Observability with Synthetic Monitoring and OTel Signals
• From data to decisions: AI-supported observability for modern systems

Get your tickets with early bird discount until May 7!

(mai)