It's a little confusing how best to use Keycloak and realms; ideally I'd
like to have a realm per application or group of interrelated applications,
i.e. a realm for JIra, one for gitlab for example, but the fact users can't
cross realms would make this difficult, I support you could use a social
provider to mitigate setting up duplicate credentials, but I doubt would
help with OTP. Is there any proposals about separating the permissions of a
user in a realm from their identity, i.e. you could have a global user
(same creds and OTP) but where permissions in a realm can be changes
independent of the user.
Appreciate your thoughts ..