Hi, I have a Keycloak instance for a school. Every year new members join and other members are discontinued.
I have disabled “User Registration” in “realm settings / login” because I want control over who can join.
I have enabled “identity provider” “google” so that my users can log in with Google.
When a user doesn't exist yet in Keycloak …
EXPECT: user cannot register via “identity provider” “google”
ACTUAL: a user who logs in via OAuth … is “registered”
How can I prevent this, so only a specific set of users can exist?
My thoughts:
- without “identity provider” and only local users it would work
- I could let users just “register” via the “google” “identity provider” and control via “groups” whether I “accept” a user; this might lead to a lot of trash users who do not belong to our school