diff --git a/_includes/parse-server/third-party-auth.md b/_includes/parse-server/third-party-auth.md
index cbfcd6d5f..2f34e2a99 100644
--- a/_includes/parse-server/third-party-auth.md
+++ b/_includes/parse-server/third-party-auth.md
@@ -10,6 +10,7 @@ Parse Server supports 3rd party authentication with
 * Instagram
 * Janrain Capture
 * Janrain Engage
+* Keycloak
 * LDAP
 * LinkedIn
 * Meetup
@@ -189,6 +190,36 @@ Google oauth supports validation of id_token's and access_token's.
 }
 ```
 
+### Keycloak `authData`
+
+```js
+{
+  "keycloak": {
+    "access_token": "access token from keycloak JS client authentication",
+    "id": "the id retrieved from client authentication in Keycloak",
+    "roles": ["the roles retrieved from client authentication in Keycloak"],
+    "groups": ["the groups retrieved from client authentication in Keycloak"]
+  }
+}
+```
+
+The authentication module will test if the authData is the same as the userinfo oauth call, by comparing the attributes.
+
+Copy the JSON config file generated on Keycloak ([tutorial](https://www.keycloak.org/docs/latest/securing_apps/index.html#_javascript_adapter))
+and paste it inside of a folder (Ex.: `auth/keycloak.json`) in your server.
+
+The options passed to Parse Server:
+
+```js
+{
+  auth: {
+    keycloak: {
+      config: require(`./auth/keycloak.json`) // Required
+    }
+  }
+}
+```
+
 ### Configuring Parse Server for LDAP
 
 The [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol) module can check if a