OIDC for
multi-tenant SaaS.
Self-hosted or managed.
A lean OIDC provider that's easy to operate and makes sense. Set it up in 5 minutes, or let us host it and focus on your product instead.
Why Keyline?
Three decisions that shape Keyline.
- § 01.01
Real multi-tenancy
Isolated user pools per tenant. Not a shared directory with org claims stapled on. Every virtual server is its own world: separate users, clients, signing keys, policies.
virtual-server: acme users: isolated signing-keys: per-tenant
- § 01.02
Built for automation
Configuration is YAML. Every operation is idempotent. A Kubernetes operator reconciles instances from CRDs. Declare your identity stack; commit it to git.
kind: KeylineInstance spec: flavor: dedicated version: v1.x
- § 01.03
EU-hosted. AGPL. No lock-in.
Hosted in Germany under GDPR. The whole codebase is AGPL: self-host whenever you want, export your data, keep your keys.
license: AGPL-3.0 data-region: EU export: whenever
Built for anyone needing OIDC, whether a home lab, internal SSO, a single-tenant app, or multi-tenant B2B SaaS. Same Keyline, same features, hosted or self-hosted.
“I got tired of picking between OIDC providers that were too heavy to run myself or too expensive per user to run for others. I wanted one that was neither, from a home lab up to a multi-tenant platform. So I wrote Keyline.”
- Early project. Direct contact, real user problems drive the roadmap.
- Works full-time on multi-tenant Kubernetes in production.
- Contributor to Incus and rqlite. Writes smaller open-source tools.
- Based in Germany. Subject to GDPR.
Closed beta.
Limited seats, real attention.
Tell us what you're building. If it's a fit, we'll onboard you personally and help you migrate.