IFTM modernizes authentication with Keycloak for SSO and Gov.br
Brazil’s Instituto Federal do Triângulo Mineiro (IFTM) modernized its authentication and identity management ecosystem with Keycloak, enabling secure Single Sign-On across systems, integration with Gov.br (Brazil’s national digital identity provider), and compatibility with modern cloud-native applications. The migration is boosting interoperability, strengthening security to meet national standards, and laying the foundation for a future-ready digital campus.
About IFTM
The Instituto Federal do Triângulo Mineiro (IFTM) is a public educational institution in Brazil offering higher education with a strong focus on technical and technological training. IFTM provides academic, vocational and technology-oriented programs across multiple campuses, supporting students, faculty, and administrative users through internally developed digital services.
Its technology team builds, maintains, and hosts the institution’s systems, including its central ERP, supporting academic, administrative, and student-facing operations.
By the numbers
- 12000+ active users benefiting from unified login across platforms
- 1 centralized IAM replacing multiple isolated authentication systems
- zero licensing cost for IAM modernization
Challenge: Breaking free from monolithic limitations to enable integration and innovation
For years, IFTM relied on a monolithic, PHP-based ERP system with its own native session-based login mechanism. While functional for a single application, it created critical limitations:
Key challenges
- Fragmented authentication: PHP session-based login only worked within the ERP, making it extremely difficult to authenticate users across multiple systems.
- Limited system interoperability: Integrations with modern platforms and third-party solutions were slow, complex, or not feasible.
- Architectural constraints: The legacy monolith slowed innovation and the adoption of modern technologies such as microservices, modern front-end frameworks, containers, and CI/CD pipelines.
- Security and compliance requirements: Brazil’s national technology and data protection rules require modern authentication standards and robust governance.
- Growing integration needs: IFTM needed to integrate systems for online learning, digital document signing, government services, and new cloud-native apps.
Solution: Modern identity management with Keycloak: A bridge to the future
An external system integration requirement exposed a critical limitation in IFTM’s existing authentication model, which was not compatible with modern identity standards. The partner team recommended Keycloak as a potential solution. The suggestion aligned precisely with IFTM’s strategic objective to modernize its technology tools and evolve beyond the constraints of its legacy architecture. Following internal technical evaluation and alignment with modernization goals, Keycloak was selected as the platform capable of addressing both the immediate integration needs and establishing a scalable, standards-based foundation for future interoperability, security, and digital transformation initiatives.
“Keycloak arrived at the perfect moment for us. We had reached a point where our legacy architecture was limiting innovation and integration, and implementing Keycloak not only removed those barriers but opened the door for us to modernize our technology stack and rethink how we build and integrate systems at IFTM.”
Carlos Rodovalho, Systems Analyst at IFTM
Why Keycloak
- Eliminates vendor lock-in and licensing costs. As we are a public organization, this is an essential feature.
- Strong community support
- Open standards (OAuth2, OIDC) enable interoperability
- Ideal for on-prem, container-based deployments
- Flexible customization through SPIs and themes
Solution highlights
IFTM introduced Keycloak as its centralized IAM and integrated it into both legacy and modern systems:
| System | Integration Result |
|---|---|
| PHP-based ERP (legacy monolith) | Centralized authentication replaces isolated session model |
| Moodle (Remote learning platform) | Unified login for students and teachers |
| React + Node.js Microservices | OAuth-based authentication, enabling modern app development |
| Gov.br | Citizens can log in using Brazil’s official national identity |
| Digital Document Sign Service | OAuth integration enables secure academic document signing |
| OpenLDAP | Integrated with Keycloak for centralized user management |
Additional implementation components:
- Custom SPIs to adapt Keycloak to IFTM’s business rules
- Custom themes aligned to IFTM’s visual identity for a consistent user experience
- Internal authorization system maintained and integrated for business-critical needs
- Docker-based environments for Keycloak deployments
Security, automation, and governance built in
To ensure reliability, consistency, and safe evolution of the IAM environment, IFTM adopted modern DevOps and infrastructure-as-code practices:
- Keycloak configuration managed with Terraform for versioning, reproducibility, and safer change management
- GitHub Actions used for CI/CD of Keycloak configurations and for building and deploying custom SPIs
- Compliance built into IAM architecture to meet Brazilian government cybersecurity and digital identity regulations
Impact
What improved
- Single Sign-On (SSO) across systems — One login for ERP, Moodle, and modern apps, improving the user experience for students, faculty, and staff.
- Interoperability unlocked — OAuth2/OIDC adoption allows integration with external government and educational services.
- Compliance and security strengthened — Aligns with national technology and security standards for public institutions.
- Accelerated digital transformation — IAM modernization enables expansion to microservices and cloud-native architecture.
- Operational efficiency through automation — Terraform + CI/CD reduces manual configuration errors and speeds up rollouts.
What’s next
IFTM’s next steps include implementing Two-Factor Authentication (2FA) to further enhance security, expanding Keycloak integration to additional internal and third-party systems, continuing the modernization of applications using microservices and cloud-ready architecture, and increasing engagement with the open-source community through sharing feedback, testing, and potential contributions.