DHIS2 Security and Integrations with Keycloak SSO

This community innovation has been accepted at the 2025 DHIS2 Annual Conference


DHIS2 Security and Integrations with Keycloak SSO

As health information systems grow in complexity, ensuring seamless and secure access to data is paramount. This project presents the integration of Keycloak with DHIS2 to implement Single Sign-On (SSO) and Identity Access Management (IAM) and provide robust security features, including multi-factor authentication, secure password policies, and encryption. Our approach include an user account synchronization procedure between DHIS2 and Keycloak, aliminating manual user management tasks and reduce authentication complexity. This includes an initial bulk user import and continuous updates to maintain up-to-date user credentials and roles using DHIS2 as source, synchronizing users to Keycloak and other external apps. The outcome is a robust and scalable authentication system that minimizes security risks, reduces administrative overhead, and optimizes user experience. Beyond authentication, this integration extends to external analytical tools, including OpenSearch Dashboards and Superset. Through SSO, users can seamlessly access dashboards generated within DHIS2 and embedded external analytics without additional logins. This intervention provides a replicable model for organizations seeking to enhance authentication, security, and interoperability within their health information systems. By implementing Keycloak-based SSO, organizations can strengthen identity management, streamline workflows, and facilitate more effective data-driven decision-making across diverse digital health platforms.

Primary Author: Daniel Castelao Suárez


Keywords:
DHIS2, Keycloak, SSO, IAM, Dashboards

Great work Daniel, do you have any documentation or guide you can share? we would like to implement just two factor authentication and SSO.