Automatic role/group assignment according to e-mail?

tmladek · June 14, 2021, 10:58am

I’m running Keycloak on foobar.com, and I’ve got open registrations set up.

Now, for all users with a (verified) e-mail address *@foobar.com, I’d like to automatically assign them to a role or a group (something like local or trusted). Is this possible?

Obviously, I could do this on the client-side too, but this way I could avoid hard-coding the e-mail domain in the app, as well as the “doubled” if (group == 'local' OR email.endsWith(foobar.com)) check, so I wonder. Thanks in advance!

xgp · June 14, 2021, 7:56pm

If you want to do it as part of Registration, you can override RegistrationUserCreation (keycloak/RegistrationUserCreation.java at master · keycloak/keycloak · GitHub) and automatically add the new user to the role/group there. Note this will only work for new users.

Topic		Replies	Views
Make the email and groups as a mandatory Fields while creating new users Extending the server	1	1257	November 9, 2021
User Registration Email Domain Whitelist Getting advice	5	1536	May 16, 2023
Invite user to register and automatically join a group	3	3282	April 6, 2023
Verify email via API. How can I replicate it like the auto-email triggered in the user registration form? Getting advice admin-console	3	4117	March 21, 2024
Initial Setup- Phone, reCaptcha, Default user group Getting advice	0	383	September 18, 2020

Automatic role/group assignment according to e-mail?

Related Topics