Hello,
I’m managing our customers access to our FE machine in realms (each customer has its own realm)
I also have 3 different groups in each realm (viewer,operator and admin)
Is there an option to auto add specific users (by their email address f.e) to a group after their first login to the realm (using oidc brokering)?
Thanks in advance,
Hi,
Maybe an authenticator which checks the logged-in users attributes and adds them to the desired group could be an option. The authenticator has to be added to an authentication flow which is configured as “Post Login Flow” in the OIDC broker’s configuration.
https://www.keycloak.org/docs/latest/server_development/#_script_providers
Within the authenticator, you can access the realm model, query the groups model by id, access the user model and so on…
https://www.keycloak.org/docs-api/17.0/javadocs/org/keycloak/models/RealmModel.html#getGroupById(java.lang.String)
https://www.keycloak.org/docs-api/17.0/javadocs/org/keycloak/models/UserModel.html#joinGroup(org.keycloak.models.GroupModel)