We are considering using Keycloak as a handler for our third-party authentication.
We do have multiple tenants; each of our tenants will have 0 or more third-party integrations possible. For example, Tenant 1 could have (Facebook) and Tenant 2 (Azure + Github). Our tenant will need to provide the corresponding credentials to our team so we can confirm these identity providers.
First, I would like to have a confirmation: Each of our tenants should be a Keycloak Realm, and that Realm will have 0 or more Identity Providers.
In our implementation, we seek to keep the “Users” database on our end, in our existing database.
Is there a setting to somewhat disable the user persistence in Keycloak? If not, what’s the recommendation?
In our implementation, we would validate the user’s email and the realm (so Tenant 2 cannot connect to Tenant 1).