Problem
We migrated identity from a legacy provider to Keycloak, and inherited the stock theme — generic, blue, and unmistakably "someone else's product." The login screen is the first thing every patient sees, and it needed to feel like the rest of the platform, not like a third-party landing page bolted on.
Approach
I built a Keycloakify-based theme as its own deployable artifact, so identity UI ships on its own pipeline — independent of the Keycloak server. Replaced every consumer-facing template: login, registration, TOTP and email OTP, forgot-password, verify-email. Themed the transactional emails to match so the brand stays consistent from the marketing site through to the inbox. Unified the Keycloak server image and the theme image into a single ECR pipeline so deploys stay simple.
Result
A login experience indistinguishable from the rest of the product — consistent typography, color, and tone across every touchpoint. Identity UI now iterates in hours, not days, because theme changes don't drag the Keycloak server along with them. And the team can evolve the auth surface without spelunking into the Keycloak codebase every time.
