Converting Users from Keycloak User to LDAP or brokered OIDC/SAML2 user?

Hi all,

I’m trying to work through a couple use cases to handle situations where we may shift from using Keycloak’s internally managed user pool to using a LDAP/AD server, or potentially an external identity provider using SAML2/OAuth2. I wasn’t able to find any clear documentation detailing this type of user conversion.

Is it possible to link existing Keycloak users to an externally managed identity after they’ve been created? Is the reverse possible (unlinking a Keycloak user from an external provider)?

Thanks in advance!

Has anyone gone through this process? Alternatively what happens if one were to migrate from one federated IdP (saml2 or oauth2) to another?