Prevent registration - also OAuth - only existing users

Hi, I have a Keycloak instance for a school. Every year new members join and other members are discontinued.

I have disabled “User Registration” in “realm settings / login” because I want control over who can join.
I have enabled “identity provider” “google” so that my users can log in with Google.

When a user doesn't exist yet in Keycloak …
EXPECT: user cannot register via “identity provider” “google”
ACTUAL: a user who logs in via OAuth … is “registered”

How can I prevent this, so only a specific set of users can exist?

My thoughts:

  • without “identity provider” and only local users it would work :frowning:
  • I could let users just “register” via “google” “identity provider” and control via “groups” whether I “accept” a user :frowning: This might lead to a lot of trash users who do not belong to our school.