One Identity Layer for a Digital Merchant Ecosystem

Unifying Access Across Merchant Applications for a Leading Payments Provider

A leading payments provider in the Middle East was operating a growing digital ecosystem of merchant-facing applications. Over time, different portals, platforms, APIs, and internal tools had evolved with their own access patterns, authentication flows, user stores, and integration approaches.

As the business expanded, this created increasing complexity for merchants, operations teams, support teams, and engineering teams. Merchants needed a simpler way to access services. Internal teams needed stronger control over identity, permissions, and application access. The technology platform needed a scalable foundation that could support future digital services without repeatedly rebuilding authentication and access management.

We helped unify identity and access management across the provider's merchant-facing ecosystem by establishing Keycloak as the single authority for authentication and access control. The transformation involved migrating more than 100,000 merchant accounts, API keys, and internal application integrations into one secure identity layer, with no disruption to customers or operations.

The result was a simpler, stronger, and more scalable identity foundation for the future of merchant services.

The Business Challenge

The payments provider had a rapidly expanding merchant digital landscape. Merchants interacted with multiple applications for onboarding, account management, reporting, payment operations, configuration, support, and transaction-related services.

While each application served an important business function, the identity experience had become fragmented.

Different systems had different authentication models. Merchant access was not always consistent across platforms. Internal applications had varying levels of dependency on legacy access flows. API keys and user accounts had to be managed across multiple places. As more services were added, the complexity increased.

This created several challenges:

  • Merchants had to deal with inconsistent login and access experiences.
  • Support teams had to manage access-related issues across multiple systems.
  • Engineering teams had to maintain duplicated identity logic.
  • Internal teams lacked a single view of merchant access.
  • Application onboarding became slower because each system needed its own access integration.
  • Future digital services risked inheriting the same fragmented identity patterns.
  • Security and governance became harder to manage at scale.

The provider needed to move from application-specific identity to ecosystem-wide identity.

This was not just an authentication upgrade. It was a platform modernization initiative that would shape how merchants accessed the provider's digital services for years to come.

Our Mandate

We were brought in to design and execute a unified identity transformation across the merchant-facing digital ecosystem.

The objective was to establish one secure identity and access layer that could serve as the trusted authority across merchant applications, internal systems, and API-driven integrations.

The solution had to:

  • Centralize merchant authentication.
  • Unify access management across multiple merchant-facing applications.
  • Migrate more than 100,000 merchant accounts.
  • Bring existing API keys under a controlled identity model.
  • Integrate internal applications with the new access layer.
  • Preserve business continuity throughout the migration.
  • Avoid disruption to merchants and operational teams.
  • Support future applications and services through reusable identity patterns.
  • Improve security, governance, and long-term maintainability.

The success of the initiative depended not only on building the right identity architecture, but also on executing a careful migration across live business systems without breaking customer access.

Solution Overview

We helped establish Keycloak as the single authority for identity and access management across the merchant ecosystem.

The new identity layer provided a centralized foundation for authentication, user federation, access policies, application integration, token issuance, and secure login flows. Instead of each application maintaining its own identity model, merchant-facing platforms could rely on a common identity authority.

The solution unified:

  • Merchant user accounts.
  • Application access flows.
  • API keys and service access patterns.
  • Internal application integrations.
  • Authentication journeys.
  • Authorization and role-based access structures.
  • Future onboarding patterns for new digital services.

Keycloak became the central identity platform that allowed the provider to standardize access across the ecosystem while still supporting the practical needs of different applications and merchant segments.

This gave the organization a common access layer that was easier to govern, easier to extend, and easier for merchants to use.

Migrating 100,000+ Merchant Accounts Without Disruption

One of the most complex parts of the transformation was migration.

The provider had a large base of merchant users, existing credentials, access relationships, API keys, and application dependencies. A poorly managed migration could have created login failures, merchant escalations, operational disruption, and business risk.

We helped design a controlled migration approach that prioritized continuity.

The migration covered more than 100,000 merchant accounts, along with associated access metadata, application mappings, API keys, and internal system dependencies.

The migration approach focused on:

  • Careful data mapping from legacy sources to the new identity model.
  • Validation of merchant account structures.
  • Preservation of critical access relationships.
  • Controlled sequencing of migration batches.
  • Compatibility with existing merchant journeys during transition.
  • Fallback planning for edge cases.
  • Coordination with application teams.
  • Clear cutover planning.
  • Post-migration verification and monitoring.

The goal was not simply to move users from one system to another. The goal was to move identity ownership to a new foundation while keeping merchant access uninterrupted.

The migration was completed without disruption to customers or operations, allowing the provider to modernize a critical platform layer while maintaining business confidence.

Creating a Single Authority for Merchant Access

Before the transformation, identity responsibility was spread across multiple applications and access mechanisms. This made it harder to define a consistent source of truth for merchant access.

By introducing Keycloak as the single authority, the provider gained a central place to manage authentication and access control.

This created a stronger foundation for:

  • Merchant login.
  • User lifecycle management.
  • Application access.
  • Role and permission structures.
  • Token-based authentication.
  • API access control.
  • Internal system integration.
  • Auditable access patterns.
  • Future single sign-on expansion.

Applications no longer needed to independently own authentication complexity. Instead, they could integrate with the identity layer and rely on standardized flows.

This reduced duplication, improved consistency, and gave the provider better control over access across its merchant digital estate.

Improving the Merchant Experience

For merchants, identity should be invisible when it works well. They should be able to access the services they need without repeatedly dealing with fragmented login journeys or inconsistent credentials.

The unified identity layer helped create a cleaner merchant experience across digital services.

The transformation enabled:

  • A more consistent login experience.
  • Reduced confusion across multiple merchant applications.
  • Better support for shared access patterns.
  • A foundation for single sign-on journeys.
  • Easier expansion into new merchant services.
  • Fewer access-related operational issues over time.

For merchants using multiple services, the new identity foundation created a more coherent experience. Instead of each application feeling like a separate access island, the provider could move toward a connected digital ecosystem.

This improved the overall perception of the provider's digital maturity and helped support a more seamless merchant relationship.

Strengthening Security and Governance

Identity is one of the most important control points in a payments ecosystem. A fragmented identity model increases operational complexity and makes consistent governance harder to maintain.

By centralizing identity and access management, the provider gained stronger control over how users, applications, and services accessed merchant platforms.

The solution strengthened security and governance through:

  • Centralized authentication.
  • Standardized token issuance.
  • Controlled application integration.
  • Better visibility into access patterns.
  • Reduced duplication of identity logic.
  • Improved access lifecycle management.
  • More consistent policy enforcement.
  • Stronger auditability.
  • A scalable foundation for future security controls.

This was especially important in a payments environment where merchant access, API credentials, operational permissions, and internal tools must be managed carefully.

The new identity layer made it easier to introduce future capabilities such as stronger authentication policies, enhanced monitoring, improved access reviews, and more advanced authorization models.

Integrating Internal Applications and API Access

The transformation was not limited to merchant login screens. It also included internal applications and API-driven access patterns that depended on identity and credentials.

Existing internal systems had to be integrated with the new access layer without breaking operational workflows. API keys and service access mechanisms had to be brought into a more controlled and manageable model.

This required careful coordination across application teams, platform teams, security teams, and business stakeholders.

The solution supported:

  • Internal application integration with the identity provider.
  • API key migration and alignment.
  • Service access mapping.
  • Token-based access patterns.
  • Application-specific client configuration.
  • Backward compatibility where needed.
  • Controlled onboarding of applications into the identity layer.

This helped reduce fragmented credential management and gave the provider a stronger model for securing both user-driven and system-driven access.

Technical Architecture Approach

The architecture was designed around Keycloak as the central identity provider for the merchant ecosystem.

Merchant-facing applications were integrated with Keycloak using modern authentication and authorization patterns. Applications relied on the identity layer for login, token issuance, session handling, and access validation.

At a high level, the architecture included:

  • A central Keycloak-based identity layer.
  • Realm and client configuration for merchant-facing applications.
  • Standardized authentication flows.
  • Token-based integration between applications and backend services.
  • Role and permission mapping.
  • Migration utilities for merchant accounts and access data.
  • API key migration and governance support.
  • Integration patterns for internal applications.
  • Monitoring and validation around migration and cutover.

The architecture was built to support both immediate migration needs and future expansion.

New applications could be onboarded into the identity layer more easily, reducing the need to design authentication from scratch for every new merchant service.

Delivery Without Business Disruption

A key success factor was the ability to deliver the transformation without interrupting live merchant operations.

The identity layer sat at the heart of the digital merchant experience. Any outage, broken login, incorrect permission, or failed migration could have directly affected merchants and support teams.

To reduce this risk, delivery was managed through a controlled, phased approach.

This included:

  • Detailed discovery of existing access models.
  • Migration planning across user accounts, API keys, and application dependencies.
  • Environment-based validation.
  • Progressive integration of applications.
  • Controlled cutover planning.
  • Testing across major user journeys.
  • Close coordination with business, operations, security, and engineering teams.
  • Monitoring during and after migration.

The outcome was a major platform-level transformation delivered while protecting business continuity.

Business Impact

The unified identity layer created value across the provider's merchant ecosystem.

For merchants, it simplified access and created the foundation for a more connected digital experience.

For internal teams, it reduced identity fragmentation, improved supportability, and created a clearer model for managing merchant access.

For engineering teams, it reduced duplicated authentication logic and made future application integration faster and more consistent.

For the business, it created a scalable identity foundation that could support new digital services, new regions, stronger security controls, and long-term platform modernization.

The transformation delivered:

  • 100,000+ merchant accounts migrated.
  • API keys brought into a more controlled access model.
  • Internal applications integrated with the unified identity layer.
  • Keycloak established as the single authority for merchant access.
  • No disruption to customers or operations.
  • Reduced identity fragmentation across applications.
  • Improved merchant access experience.
  • Stronger access governance and security posture.
  • Faster onboarding path for future merchant-facing applications.
  • A scalable foundation for the next generation of merchant services.

Why It Matters

For a modern payments provider, identity is not just a login capability. It is a platform foundation.

Every merchant-facing service depends on knowing who the merchant is, what they are allowed to access, which services they use, and how securely they can interact with the platform.

When identity is fragmented, every new application adds more complexity. When identity is unified, every new application becomes easier to integrate, govern, and scale.

This transformation helped the provider move from scattered authentication to a single access foundation for its merchant ecosystem.

That shift enabled the business to simplify merchant journeys, strengthen security, reduce operational overhead, and prepare the platform for future digital growth.

Conclusion

We helped a leading payments provider unify identity and access management across its merchant-facing digital ecosystem.

Using Keycloak as the single authority, we migrated more than 100,000 merchant accounts, API keys, and internal applications into one secure access layer, with no disruption to customers or operations.

The result was a simpler, stronger, and more scalable identity foundation — one that gives merchants a better digital experience and gives the provider a future-ready platform for the next generation of merchant services.
