Rheinbahn AG: When Keycloak alone is no longer enough

Initial situation

Increasing user numbers and security requirements overloaded the existing Keycloak environment

Rheinbahn AG is one of the largest and most traditional public transport companies in North Rhine-Westphalia. The company transports millions of passengers a year and operates an extensive network of trams, buses and subways. With the increasing digitization of customer services and the introduction of new products such as the Germany ticket, IT managers at Rheinbahn faced several challenges:

• Increasing user numbers: The introduction of the Germany ticket led to a rapid tripling of registered users within just six months.
• Higher safety requirements: Both passengers and company management expected the latest security standards to reliably protect users' personal data.
• Complexity of existing IT infrastructure: Rheinbahn was already using keycloak-based authentication, which was operated by an external service provider. But this solution proved neither flexible nor scalable enough to meet growing requirements. In addition, the high coordination effort with the external service provider required many internal resources.

Project goals

Higher security and relief for internal IT

1. Less IT costs while expanding services: Relief for internal employees despite the development of Single Sign-On (SSO) in order to provide users with easy and uniform access to all digital services.
2. Scalable IT infrastructure: Delivering a solution that is designed for future growth and allows seamless and easy integration of new applications.
3. Higher safety standards: Implement advanced security protocols and multi-factor authentication to meet data protection and compliance requirements.

The solution

Seamless migration from Keycloak to Bare.id

Bare.id took over the complete migration of the existing Keycloak instance — a process that was particularly demanding due to Rheinbahn's heterogeneous IT landscape.

• Quick migration: All existing user accounts, roles and authorizations were transferred to the bare.id platform. The migration was error-free and without downtime or effort for users — within just 3 days.
• Coordination with third parties: Rheinbahn works with several partners who operate various digital applications and background systems. Bare.id acted as a link, efficiently solved technical challenges such as token handling and synchronization and coordinated all questions directly with operators and manufacturers — which saved internal IT a lot of orchestration effort.

• User interface customization: With Bare.ID's white label function, Rheinbahn independently designed the login process in the corporate design — completely without external developers, thanks to an intuitive user interface.

Results

Keycloak expertise and SaaS benefits relieve internal IT

• SaaS benefits: Reducing the burden on internal IT. With bare.ID as a SaaS solution, technical system responsibility, platform availability and comprehensive DevOps support were assumed. As a result, internal IT was noticeably relieved.
• Saving time thanks to deep expertise: Bare.id's deep and long-standing technical expertise in the areas of SSO, IAM and Keycloak enabled rapid migration with a professional set-up for admins and end users.
• Scalability and sustainability: The Bare.id platform has managed to triple the number of users since the introduction of the Deutschland Ticket without sacrificing performance — proof of its suitability for current growth and future expansions.
• Increased security and compliance: With Bare.id, Rheinbahn meets all data protection requirements and can offer its passengers a high level of security while maintaining comfort.

‍