One of our users migrated to a different institution recently, and they will soon lose access to their previous institutional account. Their email address is, for example, changing from firstname.lastname@example.org to email@example.com. When they log in to Keycloak using this new identity provider, Keycloak creates a new account for them with a new user ID. Is there a way for me to link these two accounts such that authenticating via the new institution will pass along her original Keycloak user ID to our downstream services?
This is almost certainly something Keycloak can do but I cannot find documentation about it. If necessary I’d be willing to edit the Keycloak database directly to replace the user ID of the new account with the old after deleting the old account, if that would work.