libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Clarification on user registration and identity brokering (#1792)

Browse source 
* Clarification on user registration and identity brokering
Closes #1791

* Update server_admin/topics/login-settings/update-email-workflow.adoc
This commit is contained in:
Marek Posolda 2023-03-20 08:14:25 +01:00 committed by GitHub
parent cfb6a45194
commit ffdb213c45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
server_admin/topics/identity-broker/first-login-flow.adoc
View file

@ -91,6 +91,9 @@ To disable user creation:
This configuration also implies that {project_name} itself won't be able to determine which internal account would correspond to the external identity. This configuration also implies that {project_name} itself won't be able to determine which internal account would correspond to the external identity.
Therefore, the `Verify Existing Account By Re-authentication` authenticator will ask the user to provide both username and password. Therefore, the `Verify Existing Account By Re-authentication` authenticator will ask the user to provide both username and password.
NOTE: Enabling or disabling user creation by identity provider is completely independent on the realm <<con-user-registration_{context}, User Registration switch>>. You can have enabled user-creation
by identity provider and at the same time disabled user self-registration in the realm login settings or vice-versa.
[[_detect_existing_user_first_login_flow]] [[_detect_existing_user_first_login_flow]]
==== Detect existing user first login flow ==== Detect existing user first login flow
In order to configure a first login flow in which: In order to configure a first login flow in which:

8
server_admin/topics/users/con-user-registration.adoc
View file

@ -13,6 +13,14 @@ image:images/registration-link.png[]
A user must add profile information to the registration form to complete registration. The registration form can be customized by removing or adding the fields that must be completed by a user. A user must add profile information to the registration form to complete registration. The registration form can be customized by removing or adding the fields that must be completed by a user.
.Clarification on identity brokering and admin API
Even when self-registrations is disabled, new users can be still added to {project_name} by either:
* Administrator can add new users with the usage of admin console (or admin REST API)
* When identity brokering is enabled, new users authenticated by identity provider may be automatically added/registered in {project_name} storage.
See the <<_identity_broker_first_login, First login flow section in the Identity Brokering chapter>> for more information.
Also users coming from the <<_user-storage-federation, 3rd-party user storage>> (for example LDAP) are automatically available in {project_name} when the particular user storage is enabled
[role="_additional-resources"] [role="_additional-resources"]
.Additional resources .Additional resources