A similar question was asked in a thread from December 2019, but I’d like to know if anything has changed in Keycloak since then.
I would like to restrict new user registrations so that only specific email domains will be able to create new accounts.
In other words, only accept registration from
*@domain.corp and reject all other registrations.
Is there a built-in way to do this?
See the new declarative user profile SPI: https://www.keycloak.org/docs/latest/server_admin/#user-profile
This allows validation of the fields, so you can create a validation rule for the email field to match your desired domain.
Thank you @dasniko! This seems like it could work very well for my current requirement.
The documentation says the following:
Declarative User Profile is Technology Preview and is not fully supported
Is this something I can rely on for production use? Is there any chance it will be “discarded” in the near future?
As it is still in preview state, I won‘t rely on it 100%, there may be changes. Perhaps not, nobody knows today. Also, it‘s not yet known when it gets fully supported. But from my experience and how it was introduced and is implemented in the core, it will become supported and maybe also a kind of default in the future (whenever this will be).
Got it. Thanks for the info and candor.