Securing enterprise infrastructure with centralized identity management and SSO architectures.
Trusted by Europe's leading organizations
DNA Solutions builds centralized identity and access management with Keycloak for enterprises running multi-tenant infrastructure. Our senior team handles single sign-on, role-based access control, directory federation, and migration from legacy providers, across the systems an organization already operates. This sits alongside the integration and custom development work DNA Solutions delivers in telecom and toll.
DNA Solutions designs technology that lands on your bottom line. European enterprises trust us with extreme data volumes and critical financial pipelines.
DNA Solutions built and maintains a Deloitte-audited billing platform processing €300M in audited transactions every month.
By optimizing software licensing fees for a major European organization, DNA Solutions delivered over €1M in yearly cost savings.
A senior team of engineers and consultants across Europe.
T-Systems, Satellic, European Commission: our longest engagements last because we deliver.
DNA Solutions builds centralized identity and access management with Keycloak for high-complexity, multi-tenant environments. From single sign-on to role-based access control and provider migration, we configure the access logic across the systems an organization already runs.
What we build
Single sign-on across business units, partners, and tenants on shared platforms. Realm and client configuration in Keycloak, token flows (OAuth 2.0, OpenID Connect, SAML), and federation with existing corporate directories and identity stores.
Scoped permissions per tenant, role, and resource. We design the role model, map it to Keycloak groups and client roles, and enforce it across the applications and APIs in an organization's stack.
Migration from legacy or in-house identity providers to Keycloak, with directory federation and user store consolidation. We map existing roles and credentials onto the new model and phase the cutover to keep authentication available during the transition.
Access is easy to stand up and hard to keep clean. Our approach keeps it coherent as the platform grows.
DNA Solutions centralizes authentication on Keycloak so one identity works across every tenant and application. We configure realms, clients, and token flows (OAuth 2.0, OpenID Connect, SAML) and federate the corporate directories an organization already runs. Where business units, partners, and tenants share the same platform, sessions, login flows, and federation are scoped per tenant from shared configuration, without forking the codebase for each one.
Access is modeled as roles and permissions mapped to Keycloak groups and client roles, rather than checks hard-coded into each application. A new role or a changed rule becomes a configuration change instead of a release. We define the role model with your team, enforce it across the applications and APIs in the stack, and keep least-privilege auditable as tenants, partners, and services are added over the life of the platform.
DNA Solutions migrates from legacy or in-house identity providers to Keycloak without locking users out. We federate the existing directories, consolidate user stores, and map current roles and credentials onto the new model. The old and new providers run in parallel through the transition, and we phase the cutover one user segment at a time, switching each over only once its accounts reconcile, so authentication stays available throughout.
Identity is only as strong as how sessions and tokens are handled. DNA Solutions configures token lifetimes, refresh and revocation, and session policies per tenant, and supports multi-factor authentication where an environment requires it. Authentication and authorization events are logged with the context needed to trace who accessed what and when. This gives security and compliance teams a clear access record across the platform and a basis for the reviews European operators are expected to run.
In telecom and tolling, operators, partners and tenants share one infrastructure. We adapt the Keycloak identity core to each sector's access and federation rules.
Identity and access management for OSS/BSS, partner portals, and subscriber-facing platforms where multiple operators and partners share infrastructure.
Centralized access control for toll operators and consortia, where multiple national operators and service providers connect to shared road-charging systems.
IAM with Keycloak sits alongside our enterprise integration and custom development work, federating identity across the systems an organization already runs.
How we architect centralized identity and access control into the platforms DNA Solutions builds.
A single payment gateway unifying transactions across a multi-product platform, with reconciliation built in.
One gateway, every product
A scalable microservices architecture that rates high volumes of GPS events and applies multi-country tax rules to generate unified invoices.
Rating pipeline, multi-country
Senior decision-makers on the infrastructure and platform engagements DNA Solutions has delivered.
"DNA works with us to deliver digital systems at scale so that we can serve our customers digitally. They are both reactive to requests and proactive with ideas and proposals."
"The real connection between sales and delivery is what sets them apart. Most IT companies have salespeople disconnected from the people actually building the solution. At DNA, that's simply not the case."
"The quality of the people I worked with and the seriousness of the project management stood out. DNA built a backend and app for a highway toll system, and the human side of the company is truly remarkable."
Common questions on Keycloak, migration and multi-tenant access.
DNA Solutions handles Keycloak deployment, realm and client configuration, single sign-on, role-based access control, federation with existing directories, and migration from legacy identity providers. We start by reviewing the identity landscape an organization already runs, the directories in place, the applications that need access, and how tenants and partners are separated. From there we define the scope with your team before the engagement starts, covering token and session policies, the role model, and the cutover plan. The work is delivered alongside the integration and custom development DNA Solutions provides, so identity fits the wider platform rather than sitting in isolation. You can expect a configured Keycloak environment, the role model documented, and your engineers walked through how to operate it.
Keycloak is an open-source identity and access management server that supports OAuth 2.0, OpenID Connect, and SAML. It covers single sign-on, identity federation, multi-factor authentication, and role-based access control without per-seat licensing, which is why DNA Solutions uses it for multi-tenant enterprise environments. Because it is open source, there is no vendor lock-in and no per-user cost as the platform grows, which matters when one environment serves many tenants and partners. It federates the directories an organization already runs instead of replacing them, and it is deployed on your own infrastructure, so identity data stays under your control. For European operators that need to host within their own region and audit access closely, that combination of standards support, cost model, and self-hosting is the practical reason to standardize on it.
Yes. We migrate from legacy or in-house identity providers to Keycloak, federate existing directories, consolidate user stores, and phase the cutover so authentication stays available during the transition. We begin with an audit of how users, roles, and credentials are structured today, then map that model onto Keycloak realms, groups, and client roles. The old and new providers run in parallel while we validate that accounts reconcile. Rather than a single switch for everyone, we move one user segment at a time and confirm each segment authenticates correctly before moving the next. This phased approach keeps logins working throughout and leaves a path back at each step, so the migration does not put daily access to your platforms at risk while it is underway.
Yes. Multi-tenant access is the core of this work. We design the role model, configure scoped permissions per tenant, role, and resource in Keycloak, and enforce it across the applications and APIs in your stack. Each tenant, business unit, or partner gets the access it needs and nothing beyond it, with isolation handled through realm and group structure rather than logic copied into every application. Roles and rules live as configuration, so adding a tenant or adjusting permissions is a change you can make and review, not a code release. Authentication and authorization events are logged so access can be traced and reviewed. This is the same pattern we apply to telecom and toll platforms, where many operators share infrastructure and each needs its own scoped access.