I would get a ThinkPad, either used or new, with that budget. Generally all the hardware will work out of the box, with the possible exception of the fingerprint reader if it exists. RAM and SSD should be replaceable, so if you purchase new just do the upgrade yourself to save some bucks.
It’s feasible as long as all the stuff you want to auth supports OAuth, OIDC, or SAML. It might be a bit overkill for your use case, unless you have a bunch of services you didn’t mention. Keycloak has a bit of a learning curve, but works great once you get past that.