We have decided to use Keycloak for our identity services. The current flow will be as
follows:
1. We will have an external system that creates users. Users will not be created by
Keycloak, but instead will be created by an external service which calls the Admin API to
add users.
2. We would like some sort of notification sent to the user by Keycloak (if it
cannot be done that would be OK) that the user was added.
3. If we add the user and configure an external IDP account for the user (we will
be pulling user records using Microsoft's Azure AD OAuth2 client), we want to make sure
that when the user types their username, it will not allow them to even attempt to log in
using Keycloak's login, but instead forces them to go to the external IDP login screen.
We have two workflows for adding users. The first is to have the user added independent
of any sort of external IDP. This is the case where we need some sort of email that goes
to the user with a password or link to validate their account. The second method is to
have the customer's admin log in to the external IDP (we will handle this), and we will
pull down a list of all users in their directory and add them to Keycloak ourselves. We
will assign a link to the IDP in Keycloak. We would also like a welcome message, but
since the external IDP is managing the password, we do not need them to change their
password.
Is this possible?
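The two provisioning workflows in the question, written out as an added example against the Keycloak Admin REST API (this is not code from the original post or from the Keycloak project). It uses three endpoints: `POST /admin/realms/{realm}/users` to create the user (the new id comes back only in the `Location` header), `POST /admin/realms/{realm}/users/{id}/federated-identity/{alias}` to attach the external IdP account, and `PUT /admin/realms/{realm}/users/{id}/execute-actions-email` to send the user a time-limited link. Workflow 1 never emails a password: the user is created with the `VERIFY_EMAIL` and `UPDATE_PASSWORD` required actions and receives a link that expires after the given lifespan. Workflow 2 links the Azure AD subject and sets no password action at all. The realm name `customer-a`, the identity provider alias `azure-ad`, the placeholder subject id, and the `FakeKeycloak` transport used to run it offline are all constructed for this example; `http_transport` is the real transport, given a base URL and an access token for an admin client.

```python
import json
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List
from urllib.parse import quote, urlencode

@dataclass
class Request:
    method: str
    path: str                    # path below the Keycloak base URL
    body: Any = None             # JSON payload (dict or list) or None
    params: Dict[str, str] = field(default_factory=dict)

@dataclass
class Response:
    status: int
    headers: Dict[str, str]

def http_transport(base_url: str, bearer_token: str) -> Callable[[Request], Response]:
    """Real transport: urllib against a Keycloak server, using an admin access token."""
    def send(req: Request) -> Response:
        url = base_url.rstrip("/") + req.path + ("?" + urlencode(req.params) if req.params else "")
        data = None if req.body is None else json.dumps(req.body).encode()
        http_req = urllib.request.Request(url, data=data, method=req.method, headers={
            "Authorization": f"Bearer {bearer_token}", "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(http_req) as resp:
                return Response(resp.status, dict(resp.headers))
        except urllib.error.HTTPError as err:   # 4xx/5xx: report the status, caller decides
            return Response(err.code, dict(err.headers))
    return send

class KeycloakAdmin:
    """The three Admin REST calls the provisioning service needs."""
    def __init__(self, realm: str, send: Callable[[Request], Response]):
        self.base = f"/admin/realms/{quote(realm, safe='')}"
        self.send = send

    def _expect(self, req: Request, ok: tuple) -> Response:
        resp = self.send(req)
        if resp.status not in ok:
            raise RuntimeError(f"{req.method} {req.path} -> HTTP {resp.status}")
        return resp

    def create_user(self, username, email, first_name, last_name, required_actions: List[str]) -> str:
        body = {"username": username, "email": email, "firstName": first_name, "lastName": last_name,
                "enabled": True, "emailVerified": False, "requiredActions": list(required_actions)}
        resp = self._expect(Request("POST", f"{self.base}/users", body), (201,))
        # Keycloak returns the new user's id only in the Location header, not in a body.
        user_id = resp.headers.get("Location", "").rstrip("/").rsplit("/", 1)[-1]
        if not user_id:
            raise RuntimeError("user created but no Location header with its id")
        return user_id

    def link_identity_provider(self, user_id: str, idp_alias: str, idp_subject: str, idp_username: str):
        path = f"{self.base}/users/{quote(user_id, safe='')}/federated-identity/{quote(idp_alias, safe='')}"
        body = {"identityProvider": idp_alias, "userId": idp_subject, "userName": idp_username}
        self._expect(Request("POST", path, body), (201, 204))

    def send_actions_email(self, user_id: str, actions: List[str], lifespan_seconds: int):
        path = f"{self.base}/users/{quote(user_id, safe='')}/execute-actions-email"
        self._expect(Request("PUT", path, list(actions), {"lifespan": str(lifespan_seconds)}), (204,))

LOCAL_ACTIONS = ["VERIFY_EMAIL", "UPDATE_PASSWORD"]

def onboard_local_user(kc, username, email, first_name, last_name, lifespan=12 * 3600) -> str:
    """Workflow 1: no password is ever emailed; the link makes the user verify the
    address and set a password, and expires after `lifespan` seconds."""
    user_id = kc.create_user(username, email, first_name, last_name, LOCAL_ACTIONS)
    kc.send_actions_email(user_id, LOCAL_ACTIONS, lifespan)
    return user_id

def onboard_federated_user(kc, username, email, first_name, last_name, idp_alias, idp_subject) -> str:
    """Workflow 2: the external IdP owns the password, so no UPDATE_PASSWORD; the
    federated-identity link maps the IdP's subject id onto this Keycloak user."""
    user_id = kc.create_user(username, email, first_name, last_name, [])
    kc.link_identity_provider(user_id, idp_alias, idp_subject, username)
    return user_id

class FakeKeycloak:
    """Constructed stand-in for a server (not Keycloak code): records calls, mimics its status codes."""
    def __init__(self):
        self.users, self.links, self.emails = {}, {}, []

    def __call__(self, req: Request) -> Response:
        parts = req.path.split("/")
        if req.method == "POST" and parts[-1] == "users":
            user_id = f"user-{len(self.users) + 1:04d}"
            self.users[user_id] = req.body
            return Response(201, {"Location": f"https://kc.example.test{req.path}/{user_id}"})
        if req.method == "POST" and "federated-identity" in parts:
            self.links.setdefault(parts[-3], []).append(req.body)
            return Response(204, {})
        if req.method == "PUT" and parts[-1] == "execute-actions-email":
            self.emails.append((parts[-2], list(req.body), dict(req.params)))
            return Response(204, {})
        return Response(404, {})
```

To run it against a server, construct `KeycloakAdmin("customer-a", http_transport("https://keycloak.example.test", token))` with a token obtained for an admin-capable client; with `FakeKeycloak()` as the transport it runs offline and the recorded `users`, `links` and `emails` show exactly what would be sent. Point 3 of the question (refusing the Keycloak login form and sending the user straight to the external IdP) is not an Admin API matter: in my understanding it is configured in the realm's browser authentication flow, where the built-in Identity Provider Redirector can redirect every login to a default provider, while routing per user based on the typed username needs a custom authenticator or extension.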