Migrate to Keycloak with Zero Session Lost

We would like to start using Keycloak for authentication in our existing system, and we are planning of using SPI for this purpose to integrate with our legacy system.
There are many articles about using SPI as a good solution to migrate users from legacy systems but is there an option to have them silently migrate on the Keycloak?
So, what we would like is - existing sessions in our system should somehow obtain token and create sessions on Keycloak side (we don’t have credentials at this level and we don’t want user to be aware of anything), we rely only on existing legacy session here and we know user’s username.
Is there any authentication flow or mechanism for obtaining token that can be used for this usecase?