For a client that wanted to replace Okta for an undisclosed reason, we have proposed Keycloak. Upon configuration we now bump into an issue that when self registration is allowed, the users are by default active/enabled.
Okta has the option to define registration flows (e.g. to set up validation of the user registration). Is there a way to achieve something similar with Keycloak? If not, we might have made the wrong choice.
Ideal scenario: how can we setup self registration to keep users disabled and have a mail sent to an administrator who can enable the user after verification?
worst case I think we might need to set up an additional service end point that collects the user registration, and creates the user by means of the REST AP + sends a notification to the administrator to invite him for account approval. I hope that won’t be needed.
Thx for any advice.