Hello everyone,
I’m trying to wrap my head around the identity brokering part of Keycloak in a B2B setting.
On the IdP side, the connection configured is for a specific client, and the Business at the other end expects to be able to set up permissions for this application (user permissions specific to an IdP, etc.).
When you have multiple clients which must be linked to multiple Businesses (each having a specific IdP connection for each client), what is the way to set this up in Keycloak?
So far I made a realm per Business, and sort of restrict a client to an IdP via dedicated browser flows, but I’m not sure it is enough to disallow users from fiddling with the client connection, notably if they go via the Keycloak account pages.
It all seems complex to configure for something that seems to be a standard way of brokering on the IdP side.
Am I missing something?