Hmm, just realised that we have not enabled the script-based authenticators yet.. duh.. rtfm.. We will follow that route and see if we can do it that way. https://www.keycloak.org/docs/latest/server_admin/index.html#_authenticat... On 16 Apr 2019, at 15:01, Edgar Vonk - INFO <Edgar(a)info.nl&gt; wrote: Hi all, We need to build a custom form-based authenticator/execution as part of our Identity Provider Post Login Authentication Flow. We already have our custom Post Login Flow set up and we know how to build and use custom Authenticators. But we cannot quite figure out how to implement custom form-based Authenticators. Basically what we need is: as the very last step of the post login flow (the user has authenticated to our external Identity Provider by this point) we need to present a simple form with a drop-down list to the user. The user needs to select one option and that option we then need to store as a user attribute in Keycloak. Somewhat akin to Review Profile maybe except that this needs to be done after every login. What is the best way to go about this? We know we can extend Keycloak forms relatively easily. E.g. looking at https://github.com/raptor-group/keycloak-login-recaptcha But for this it seems we would need to create our own login provider with our own form in it (somewhat similar to https://github.com/dteleguin/keycloak-dynamic-branding) or is there another way? There is also that ScriptBasedAuthenticator but to be honest we do not understand how to use that. It does not seem to be available as an executor in our custom Post Login Flow? thanks in advance!