Avoid "Account already exists" form

How can I avoid the “Account already exists” form if I try to authenticate the same user with different IDPs?
The same user (same email) can be authenticated via different IDPs (Facebook, Google…).
I would like to be able to transparently assign “Identity Provider Links” to the principal immediately after authentication via the IDP, without being presented with the authentication form to review the profile or add to an existing account.
I have tried modifying the “first broker login” flow without success.

Many thanks

Any solution on this?


If a collision in username/email comes from a brokered Identity Provider, there needs to be some mechanism of validating that the users are indeed the same. Keycloak’s implementation only uses the “Trust email” flag to stop the email validation required action, but it does not automatically link the accounts. It would be possible to do this by building a custom Authenticator in the “First broker login” flow, but there are no included Authenticators in Keycloak that do this.
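
A custom Authenticator of the kind described in the answer above could look like the following. This is an added example, not code from the thread or from the Keycloak project. It assumes the class is registered through your own `AuthenticatorFactory` and placed in the “First broker login” flow after the step that detects the existing user; the class name, package and the alias allow-list are hypothetical.

```java
package example.broker; // hypothetical package

import java.util.Set;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.sessions.AuthenticationSessionModel;

public class TrustedIdpAutoLinkAuthenticator extends AbstractIdpAuthenticator {
    // Constructed allow-list: aliases of IdPs known to verify e-mail ownership.
    private static final Set<String> AUTO_LINK_IDPS = Set.of("google", "facebook");

    @Override
    protected void authenticateImpl(AuthenticationFlowContext context,
            SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        IdentityProviderModel idp = brokerContext.getIdpConfig();
        // Link silently only if an earlier step recorded a collision AND the IdP is
        // both marked "Trust email" and on the allow-list; otherwise fall through
        // to the next alternative in the flow (for example the review form).
        if (authSession.getAuthNote(EXISTING_USER_INFO) == null
                || !idp.isTrustEmail() || !AUTO_LINK_IDPS.contains(idp.getAlias())) {
            context.attempted();
            return;
        }
        UserModel existing = getExistingUser(context.getSession(), context.getRealm(), authSession);
        String email = brokerContext.getEmail();
        // A username-only collision is not evidence of the same person: require
        // that the e-mail asserted by the IdP matches the local account's e-mail.
        if (email == null || !email.equalsIgnoreCase(existing.getEmail())) {
            context.attempted();
            return;
        }
        context.setUser(existing); // the broker flow then adds the Identity Provider Link
        context.success();
    }

    @Override
    protected void actionImpl(AuthenticationFlowContext context,
            SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
        authenticateImpl(context, serializedCtx, brokerContext); // no form, so same logic
    }

    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return false; }
}
```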