diff --git a/core/commons/che-core-commons-logback/pom.xml b/core/commons/che-core-commons-logback/pom.xml
index 0d16d1e1bc..63bfc890c3 100644
--- a/core/commons/che-core-commons-logback/pom.xml
+++ b/core/commons/che-core-commons-logback/pom.xml
@@ -26,6 +26,10 @@
             <groupId>javax.inject</groupId>
             <artifactId>javax.inject</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.che.core</groupId>
+            <artifactId>che-core-api-core</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
diff --git a/core/commons/che-core-commons-logback/src/main/java/org/eclipse/che/commons/logback/filter/IdentityIdLoggerFilter.java b/core/commons/che-core-commons-logback/src/main/java/org/eclipse/che/commons/logback/filter/IdentityIdLoggerFilter.java
new file mode 100644
index 0000000000..c66f4ea89c
--- /dev/null
+++ b/core/commons/che-core-commons-logback/src/main/java/org/eclipse/che/commons/logback/filter/IdentityIdLoggerFilter.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2012-2017 Red Hat, Inc.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *   Red Hat, Inc. - initial API and implementation
+ */
+package org.eclipse.che.commons.logback.filter;
+
+import java.io.IOException;
+import javax.inject.Singleton;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.eclipse.che.commons.subject.Subject;
+import org.slf4j.MDC;
+
+/**
+ * A servlet filter that retrieves the identity_id from the servlet context and put it in the MDC
+ * context. Logback can be configured to display this value in each log message when available. MDC
+ * property name is `identity_id`.
+ */
+@Singleton
+public class IdentityIdLoggerFilter implements Filter {
+
+  private static final String IDENTITY_ID_MDC_KEY = "identity_id";
+
+  @Override
+  public void init(FilterConfig filterConfig) throws ServletException {}
+
+  @Override
+  public final void doFilter(
+      ServletRequest request, ServletResponse response, FilterChain filterChain)
+      throws IOException, ServletException {
+    final HttpServletRequest httpRequest = (HttpServletRequest) request;
+    final HttpSession session = httpRequest.getSession();
+    Subject subject = (Subject) session.getAttribute("che_subject");
+
+    if (subject != null && subject.getUserId() != null) {
+      MDC.put(IDENTITY_ID_MDC_KEY, subject.getUserId());
+    }
+
+    filterChain.doFilter(request, response);
+  }
+
+  @Override
+  public void destroy() {}
+}
diff --git a/multiuser/keycloak/che-multiuser-keycloak-server/pom.xml b/multiuser/keycloak/che-multiuser-keycloak-server/pom.xml
index a6dba1a923..3dcea43912 100644
--- a/multiuser/keycloak/che-multiuser-keycloak-server/pom.xml
+++ b/multiuser/keycloak/che-multiuser-keycloak-server/pom.xml
@@ -86,6 +86,10 @@
             <groupId>org.eclipse.che.core</groupId>
             <artifactId>che-core-commons-lang</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.che.core</groupId>
+            <artifactId>che-core-commons-logback</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.eclipse.che.multiuser</groupId>
             <artifactId>che-multiuser-api-authorization</artifactId>
diff --git a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/deploy/KeycloakServletModule.java b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/deploy/KeycloakServletModule.java
index efa4459f38..a5e3beb8b0 100644
--- a/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/deploy/KeycloakServletModule.java
+++ b/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/deploy/KeycloakServletModule.java
@@ -12,6 +12,7 @@ package org.eclipse.che.multiuser.keycloak.server.deploy;
 
 import com.google.inject.servlet.ServletModule;
 import javax.inject.Singleton;
+import org.eclipse.che.commons.logback.filter.IdentityIdLoggerFilter;
 import org.eclipse.che.multiuser.keycloak.server.KeycloakAuthenticationFilter;
 import org.eclipse.che.multiuser.keycloak.server.KeycloakEnvironmentInitalizationFilter;
 
@@ -26,5 +27,7 @@ public class KeycloakServletModule extends ServletModule {
         .through(KeycloakAuthenticationFilter.class);
     filterRegex("^(?!.*(/docs/))(?!.*(/keycloak/settings/?|/oauth/callback/?|/system/state/?)$).*")
         .through(KeycloakEnvironmentInitalizationFilter.class);
+    filterRegex("^(?!.*(/docs/))(?!.*(/keycloak/settings/?|/api/oauth/callback/?)$).*")
+        .through(IdentityIdLoggerFilter.class);
   }
 }