<div dir="ltr">I'm not sure yet.<div><br></div><div>On one hand I could imagine an "exclusive" setting on IdentityProvider level which means that a user provided by this Identity Provider cannot add another linked Identity.</div><div>Problem is that this only works for users which come through this IdP. Users that are only registered in Keycloak directly currently cannot have such a setting since the current Keycloak IdP instance itself is not represented as an IdP...</div><div><br></div><div>I wonder whether it would make sense to add Keycloak as a "fixed" IdP to the IdP list in order to be able to adjust such things...</div><div><br></div><div>Cheers,</div><div>Thomas</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-29 16:00 GMT+02:00 Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Sounds sane - would it be an option per-realm or per-identity provider?</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On 28 August 2016 at 13:06, Thomas Darimont <span dir="ltr"><<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.<wbr>com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div>Hello group,</div><div><br></div><div>Currently when an external Identity Provider like google is configured for a realm </div><div>a user registered in the realm directly and NOT with google also sees</div><div>a federated identity section on his account page in the default Keycloak template.</div><div><br></div><div>There a user can associate his account with a google account </div><div>(Federated Identities -> google -> add).</div><div>Is it possible to not show the link without changing the template?</div><div><br></div><div>I think it should be configurable whether or not existing users have the option to link their</div><div>accounts with an external Identity Provider like google.</div><div><br></div><div>Cheers,</div><div>Thomas</div></div>
<br></div></div>______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/keycloak-dev</a><br></blockquote></div><br></div>
</blockquote></div><br></div>