diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index a7726d727..d5698700c 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -28,6 +28,11 @@ terraform {
 provider "keycloak" {
   client_id = "terraform"
   url       = "https://auth.tvl.fyi"
+  # NOTE: Docs mention this applies to "users of the legacy distribution of keycloak".
+  # However, we get a "failed to perform initial login to Keycloak: error
+  # sending POST request to https://auth.tvl.fyi/realms/master/protocol/openid-connect/token: 404 Not Found"
+  # if we don't set this.
+  base_path = "/auth"
 }
 
 resource "keycloak_realm" "tvl" {