Third Identity Provider (IDP): how to avoid the "Account already exists form"?

Hi everyone,

I connected my Keycloak with an external identity provider using SAML.
Everything is working fine but I would like to improve the workflow when:

  • the user exists in my Keycloak
  • the user tries to connect using his third provider account

In this case, Keycloak displays a form “Account already exists” and proposes 2 buttons to the user:

  • “Review profile”
  • “Add to existing account”

I would like to:

  • skip this form to directly send the confirmation link to the user
  • keep the approach with the confirmation link sent by e-mail: an e-mail is sent to the user; this e-mail contains a link; the user clicks on the link to confirm he wants to link his Keycloak account with his account present in the external platform

I tried to duplicate the authentication configuration “first broker login” and to change many parameters.
I was able to remove this form if I use the “reauthentication approach”.
But I was not able to remove this form keeping the “confirmation link sent by e-mail” approach.

I tried to create a new workflow from scratch. At one point I had:

  • the form removed
  • a link sent by e-mail

But when I clicked on the link sent by e-mail, the link between Keycloak and the third IDP was never established…

My questions:

  • is it possible to do what I want?
  • if so, do you have any ideas or a workflow that works for me?

Thank you very much