Pedro Igor pedroigor

  • Red Hat
  • Brasilia, Brazil

Authenticating Organization Members

The Keycloak Organizations feature introduces changes to how users authenticate to a realm in order to identify whether a user is authenticating in the scope of an organization or the realm.

One of the key authentication changes introduced by the feature is an identity-first login flow whenever you are authenticating to a realm that has the feature enabled.

In this playbook you will learn about:

pedroigor / onboarding-members-identity-provider.adoc
Last active May 14, 2024 19:25
Onboarding Organization Members through an Identity Provider

In this playbook you are going to follow the basic steps to configure a Keycloak instance to support a common Business-to-Business (B2B) use case where a company wants to integrate with its business partners to allow their employees or customers to access its services.

For that, users from a business partner are going to be able to create their accounts at the company’s realm by authenticating with their accounts at the business partner and automatically become a member of an organization at the realm that represents the business partner itself.

While the same use case is already possible without using Keycloak Organizations, the feature provides built-in capabilities that make it a lot easier to solve this problem, such as:

  • Manage third-party entities in a realm as an organization

  • Link any of the built-in identity providers to an organization in order to authenticate and onboard its members

pedroigor / keycloakx-k8s.yaml
Last active August 5, 2022 14:00
Keycloak.X k8s spec
apiVersion: v1
kind: Service
metadata:
  name: keycloak-postgres
  labels:
    service: keycloak
    layer: security
spec:
  ports:
    - port: 5432

Keycloak Admin CLI Cheat Sheet

This document provides some examples of how to use kcadm to manage a realm's configuration.

Configuring Token Exchange Permission for a Client

Enable permissions for a client

./kcadm.sh update clients/{client_id}/management/permissions -f - << EOF