Disabling email verification when linking account

Hi,

I have a Keycloak setup where my realm has disabled email verification in the Realm settings / Login. Keycloak users are created through the API from another internal system which will set the email as verified on all Keycloak users.
I also have an Identity Provider redirecting users to an external AD (over SAML). That IdP has “Trust Email” enabled.
Still, the first time a user signs in using that IdP, they need to verify their email (getting a link sent to them). The email address returned from AD is identical to the one in the Keycloak user (which prompts an account linking view).
Is there any way to get rid of these user interactions (especially the email verification)?


We solved this by writing a custom “PassThrough” authenticator, which is a really heavy-handed way of doing it but was the right solution for us.

You can implement the AuthenticatorFactory SPI and, in your authenticator, do whatever profile setup steps you want to automate, such as marking an email as trusted, linking profiles, etc.

This also avoids sending new users to the screen where they are prompted to confirm their name/email/etc.

Once you’ve added an authenticator, you can configure it as a step in the authentication flow from the UI in the Keycloak Admin console.

Link to Keycloak documents for Auth SPIs: Server Developer Guide
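
An added example (not the poster's code and not part of Keycloak) of the kind of authenticator the reply above describes: placed in the first broker login flow, it marks the email verified and selects the existing user for linking only when the IdP has Trust Email enabled and an enabled local user has the same email. The class name, provider id, display text and the `getUserByEmail(realm, email)` argument order (recent Keycloak versions) are assumptions.

```java
import java.util.List;
import org.keycloak.Config;
import org.keycloak.authentication.*;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.*;
import org.keycloak.provider.ProviderConfigProperty;

// Hypothetical provider for illustration: class name and id "trusted-email-link" are made up.
public class TrustedEmailLinkAuthenticatorFactory implements AuthenticatorFactory {
    @Override public String getId() { return "trusted-email-link"; }
    @Override public Authenticator create(KeycloakSession session) { return new Link(); }
    @Override public String getDisplayType() { return "Link existing user on trusted email"; }
    @Override public String getHelpText() { return "Links without prompts when the IdP email is trusted."; }
    @Override public String getReferenceCategory() { return null; }
    @Override public boolean isConfigurable() { return false; }
    @Override public boolean isUserSetupAllowed() { return false; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return List.of(); }
    @Override public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[] {
            AuthenticationExecutionModel.Requirement.ALTERNATIVE,
            AuthenticationExecutionModel.Requirement.DISABLED };
    }
    @Override public void init(Config.Scope config) { }
    @Override public void postInit(KeycloakSessionFactory factory) { }
    @Override public void close() { }
    static class Link extends AbstractIdpAuthenticator {
        @Override protected void authenticateImpl(AuthenticationFlowContext context,
                SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
            String email = serializedCtx.getEmail();
            // Look up a local user only if the admin enabled "Trust Email" on this IdP.
            UserModel existing = (email != null && brokerContext.getIdpConfig().isTrustEmail())
                    ? context.getSession().users().getUserByEmail(context.getRealm(), email) : null;
            if (existing == null || !existing.isEnabled()) {
                context.attempted(); // no trusted match: let the next alternative in the flow run
                return;
            }
            existing.setEmailVerified(true);
            context.setUser(existing); // Keycloak links the brokered identity to this user
            context.success();
        }
        @Override protected void actionImpl(AuthenticationFlowContext context,
                SerializedBrokeredIdentityContext serializedCtx, BrokeredIdentityContext brokerContext) {
            authenticateImpl(context, serializedCtx, brokerContext); // no form, so same path
        }
        @Override public boolean requiresUser() { return false; }
        @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    }
}
```

Keycloak discovers the factory when its class name is listed in `META-INF/services/org.keycloak.authentication.AuthenticatorFactory` inside the provider JAR. Linking on email alone is only as strong as the IdP's control over that attribute, which is why the example falls through to the normal flow unless Trust Email is set.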