- Type:`POST`

- Response code:`204`

You can add the deployed service main application in a[Network Group](/doc/develop/network-groups/) to activate some enhanced features:

-`keycloak`:two instances are deployed and synced through a Network Group

-`keycloak`:[Secured Multi Instances feature](/doc/addons/keycloak/#secured-multi-instances)

-`otoroshi`: once in a Network Group, an Otoroshi instance can be used in front of Clever Cloud applications

title:New Keycloak dashboard is available with Secured Multi Instances easy to enable

description:Better manage your Keycloak on Clever Cloud, with Secured Multi Instances based on Wireguard Network Groups

date:2025-10-07

tags:

-addons

-keycloak

authors:

-name:Sébastien Allemand

link:https://github.com/allemas

image:https://github.com/allemas.png?size=40

-name:David Legrand

link:https://github.com/davlgd

image:https://github.com/davlgd.png?size=40

excludeSearch:true

When you deploy Keycloak on Clever Cloud, you now have access to a better dashboard to manage it. This dashboard provides direct access to Keycloak admin panel, useful information such as deployed version, underlying resources, initial user/password, edit name, tags, etc. You can easily rebuild/restart your Keycloak instance with[Blue/Green deployment](/doc/best-practices/blue-green/), access the Grafana dashboard, transparently update Keycloak to a new version when available:


The Keycloak dashboard also makes Secured Multi Instances directly available from the Console, and not only through[API](/api) or[Clever Tools](/doc/cli). It adds a second Java application instance to your Keycloak which brings more resiliency and availability to your identity management solution. As communication through such cluster use an unencrypted Infinispan connection, a Network Group is automatically created and used to isolate this traffic through a private, encrypted,[WireGuard](https://www.wireguard.com/) network.

If you also need a more resilient database, contact your sales representative or[Clever Cloud support](https://console.clever-cloud.com/ticket-center-choice).

-[Learn more about Network Groups](/doc/develop/network-groups/)

-[Learn more about Keycloak on Clever Cloud](/doc/addons/keycloak)

-oauth

-openid connect

-security

-wireguard

-multi instances

aliases:

-/doc/deploy/addon/Keycloak

-/doc/keycloak

2. Select the Keycloak add-on

3. You can skip linking the add-on to an application, it won't be needed

4. Enter a name for your Keycloak add-on and select the zone where you want it to be deployed

5. You'll have access to the Keycloak dashboard, your instance will be ready in a few seconds


Refer to the[Clever Tools documentation](https://github.com/CleverCloud/clever-tools/tree/master/docs) for more details on add-on creation.

Refer to the[Clever Tools documentation](/doc/cli/addons) for more details on add-on creation.

clever addon create keycloak --addon-version<version> myKeycloak

Once enabled in the Keycloak dashboard, it adds a second Java application instance to your Keycloak which brings more resiliency and availability to your identity management solution. Instances are transparently restarted and linked through a[Network Group](/doc/develop/network-groups), used to isolate internal cluster traffic through a private, encrypted,[Wireguard](https://www.wireguard.com/) network. You can disable this feature at any time, as easily as you enabled it.

clever featuresenable operators

If you also need a more resilient database, contact your sales representative or[Clever Cloud support](https://console.clever-cloud.com/ticket-center-choice).

clever keycloak version check keycloak_name_or_id

clever keycloak version check keycloak_name_or_id --format json

clever keycloak version update myKeycloak

clever keycloak version update myKeycloak<new_version>

- Learn more about[Operators commands in Clever Tools](/doc/cli/operators/)

To change the version of a Keycloak add-on on Clever Cloud, you can:

- Use the Console Dashboard

- Use[Clever Tools](/doc/cli/operators/)

- Update the`CC_KEYCLOAK_VERSION` environment variable of the underlying Java Application and rebuild it

When a resource is linked to a Network Group, you can reach it on any port inside this private network with its domain name. An application instance is a peer, you can reach through an IP (from the attributed CIDR). It works the same way for add-ons and external resources.

-[Network Groups demo application](https://github.com/CleverCloud/network-groups-example)

-[Keycloak Secured Multi Instances](/doc/addons/keycloak/#secured-multi-instances)

-[How to use Network Groups from Clever Tools](/doc/cli/network-groups/)

-[Keycloak and Otoroshi native support for Network Groups](/api/v4/#network-groups)

-[Tell us what you think of Network Groups and what features you need from it in](https://github.com/CleverCloud/Community/discussions/categories/network-groups).