Hi,
My use case matches exactly with Use Case #2 on the following GitHub page.
# Approvals System
* **Status**: Notes
* **JIRA**: [KEYCLOAK-8441](https://issues.jboss.org/browse/KEYCLOAK-8441)
## Motivation
Keycloak offers several ways of server management access control, including RBAC, UBAC, ... with support for fine-grained permissions. All of them work on a similar basis - access for a user is either granted or denied.
A server administrator might want to use a hybrid solution - approving certain actions before they take effect.
### Use Case #1
- Let’s have an administrator hierarchy
- Some super admin has subordinates - sub-admins
- Sub-admins have limited permissions in Keycloak Admin Console
- Sub-admins are allowed to create new Clients
- They can access relevant sections of Admin Console (they “pass” the AuthZ checks)
- When a new Client is created, it’s not yet effective
User self-registers to Keycloak
Once they’re registered, an Approval Request is created
They can’t use their new account just yet
After the Approval Request is approved by an admin, the user is allowed to login
Does Keycloak support this approval system yet?
Thanks.
Xulunix
December 22, 2021, 8:58pm
#2
AFAIK that is not supported out of the box by Keycloak.
I have a similar scenario and I created a workaround for it with a custom required action.
The required action gets assigned by default on user registration and the user can’t complete/clear it.
Instead, a notification email is sent to the responsible person, who reviews the user profile and manually clears the required action.
Having a proper system for user approval would be great.
1 Like
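A sketch of the kind of required action described in the reply above, added here as an example; it is not Xulunix's code and not part of Keycloak. The class name, package, `PENDING_APPROVAL` alias and `accountPendingApproval` message key are assumptions, the `javax.ws.rs` import matches Keycloak releases from the time of this thread (newer releases use `jakarta.ws.rs`), and the notification email is left out.

```java
package example.approval; // hypothetical package name

import javax.ws.rs.core.Response;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;

/** Required action that the user can never complete; only an admin can remove it. */
public class PendingApprovalAction implements RequiredActionProvider, RequiredActionFactory {

    public static final String PROVIDER_ID = "PENDING_APPROVAL"; // hypothetical alias

    @Override
    public void evaluateTriggers(RequiredActionContext context) {
        // Nothing to evaluate: the action is attached at registration ("Default Action").
    }

    @Override
    public void requiredActionChallenge(RequiredActionContext context) {
        context.challenge(pendingPage(context));
    }

    @Override
    public void processAction(RequiredActionContext context) {
        // Fail closed: any form post gets the same page again. context.success() is
        // never called, so the action stays on the user and login cannot finish.
        context.challenge(pendingPage(context));
    }

    private Response pendingPage(RequiredActionContext context) {
        return context.form()
                .setError("accountPendingApproval") // hypothetical message bundle key
                .createErrorPage(Response.Status.FORBIDDEN);
    }

    // Factory half: the provider is stateless, so one instance serves every request.
    @Override public RequiredActionProvider create(KeycloakSession session) { return this; }
    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayText() { return "Pending administrator approval"; }
    @Override public void init(Config.Scope config) { }
    @Override public void postInit(KeycloakSessionFactory factory) { }
    @Override public void close() { }
}
```

The class is picked up when its fully qualified name is listed in `META-INF/services/org.keycloak.authentication.RequiredActionFactory` inside the deployed JAR. Approval then means an administrator removing the required action from the user, so the right to edit users in that realm is the control that decides who can approve accounts.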
Mimo
December 23, 2021, 1:52am
#3
You need to implement your own approval app.
1 Like