Hello everyone,
I have integrated an external identity provider using SAML with my Keycloak setup, and everything is working fine. However, I would like to streamline the user experience in the following scenario:
- The user already exists in Keycloak.
- The user tries to connect using their third-party SAML provider account.
Currently, Keycloak displays an “Account already exists” form with two buttons:
- “Review profile”
- “Add to existing account”
I want to achieve the following:
- Skip the “Account already exists” form entirely.
- Automatically send a confirmation link to the user’s email.
- Upon clicking the link in the email, the user’s Keycloak account should be linked with their SAML provider account.
Here are the steps I’ve taken so far:
- I tried duplicating the “First Broker Login” authentication flow and modifying various parameters.
- I managed to remove the form by using the “reauthentication approach.”
- However, I couldn’t remove the form while keeping the “confirmation link sent by email” approach intact.
- I also attempted to create a new workflow from scratch, which did send an email but failed to establish the link between Keycloak and the third-party IDP upon clicking the link.
My questions are:
- Is it possible to achieve this workflow in Keycloak?
- If yes, can anyone provide guidance or a working example of the configuration/workflow to achieve this?
Any help or suggestions would be greatly appreciated!
Thank you!
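The following is an added example, not something posted by the asker or shipped by the Keycloak project. It works on the execution records that Keycloak's admin REST API returns for a flow (`GET /admin/realms/{realm}/authentication/flows/{alias}/executions`), assuming each record carries at least `id`, `providerId`, `requirement` and `authenticationFlow`; the sample records below are constructed to mirror the built-in "first broker login" flow and their `id` values are placeholders. The page the asker wants to skip is rendered by the built-in "Confirm link existing account" authenticator (`idp-confirm-link`), which can be set to DISABLED on a copy of the flow while "Verify existing account by Email" (`idp-email-verification`) stays enabled; the planner below does exactly that, and the validator refuses any flow whose existing-account path links without a verification step (for example an enabled `idp-auto-link`), since such a path lets anyone holding an IdP account with a matching e-mail take over the existing Keycloak account.

```python
"""Plan and validate requirement changes for a copy of Keycloak's
"first broker login" flow so that the "Account already exists" page is
skipped and linking is confirmed only through the e-mailed link.

Added example (not from the original post). Assumes execution records in
the shape of the Keycloak admin REST API; providerIds are Keycloak's
built-in ones, ids in the sample data are constructed placeholders."""
import copy
import json
import urllib.parse
import urllib.request

CONFIRM_LINK = "idp-confirm-link"             # renders "Account already exists"
EMAIL_VERIFY = "idp-email-verification"       # "Verify existing account by Email"
REAUTH_VERIFY = "idp-username-password-form"  # "Verify existing account by Re-authentication"
AUTO_LINK = "idp-auto-link"                   # links with no verification at all
VERIFIERS = {EMAIL_VERIFY, REAUTH_VERIFY}

# Constructed sample mirroring the built-in flow (ids are placeholders).
SAMPLE_EXECUTIONS = [
    {"id": "e1", "providerId": "idp-review-profile", "requirement": "REQUIRED", "level": 0, "authenticationFlow": False},
    {"id": "e2", "displayName": "User creation or linking", "requirement": "REQUIRED", "level": 0, "authenticationFlow": True},
    {"id": "e3", "providerId": "idp-create-user-if-unique", "requirement": "ALTERNATIVE", "level": 1, "authenticationFlow": False},
    {"id": "e4", "displayName": "Handle Existing Account", "requirement": "ALTERNATIVE", "level": 1, "authenticationFlow": True},
    {"id": "e5", "providerId": CONFIRM_LINK, "requirement": "REQUIRED", "level": 2, "authenticationFlow": False},
    {"id": "e6", "displayName": "Account verification options", "requirement": "REQUIRED", "level": 2, "authenticationFlow": True},
    {"id": "e7", "providerId": EMAIL_VERIFY, "requirement": "ALTERNATIVE", "level": 3, "authenticationFlow": False},
    {"id": "e8", "providerId": REAUTH_VERIFY, "requirement": "ALTERNATIVE", "level": 3, "authenticationFlow": False},
]


def requirement_of(executions, provider_id):
    """Requirement string of the execution with the given providerId, or None."""
    for rec in executions:
        if rec.get("providerId") == provider_id:
            return rec["requirement"]
    return None


def plan_email_only_linking(executions):
    """Return a copy of the flow with the confirmation page and the
    re-authentication fallback disabled; the e-mail step is left as-is."""
    planned = copy.deepcopy(executions)
    for rec in planned:
        if rec.get("providerId") in (CONFIRM_LINK, REAUTH_VERIFY):
            rec["requirement"] = "DISABLED"
    return planned


def linking_requires_verification(executions):
    """True only if every way of attaching the IdP identity to an existing
    account still passes through an enabled verification step."""
    enabled = [r for r in executions if r["requirement"] != "DISABLED"]
    if any(r.get("providerId") == AUTO_LINK for r in enabled):
        return False  # auto-link would bind the account on e-mail match alone
    return any(r.get("providerId") in VERIFIERS for r in enabled)


def changed_records(before, after):
    """Only the records whose requirement changed; these are what get PUT."""
    old = {r["id"]: r["requirement"] for r in before}
    return [r for r in after if old.get(r["id"]) != r["requirement"]]


def push_requirements(base_url, realm, flow_alias, token, records):
    """Apply each changed record with one PUT to the admin REST API
    (PUT /admin/realms/{realm}/authentication/flows/{alias}/executions).
    Needs a live server and an admin token, so it is not exercised offline."""
    url = (f"{base_url}/admin/realms/{urllib.parse.quote(realm)}"
           f"/authentication/flows/{urllib.parse.quote(flow_alias)}/executions")
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    for rec in records:
        req = urllib.request.Request(url, data=json.dumps(rec).encode(),
                                     method="PUT", headers=headers)
        with urllib.request.urlopen(req):  # raises HTTPError on any non-2xx reply
            pass


if __name__ == "__main__":
    planned = plan_email_only_linking(SAMPLE_EXECUTIONS)
    if not linking_requires_verification(planned):
        raise SystemExit("refusing: a linking path would skip verification")
    for rec in changed_records(SAMPLE_EXECUTIONS, planned):
        print(rec["id"], rec.get("providerId"), "->", rec["requirement"])
```

Run the planner against the executions of a duplicated flow, not the built-in one, and point the identity provider's "First login flow" setting at the copy. Leaving `idp-username-password-form` as ALTERNATIVE instead of DISABLED keeps a password-based fallback for users whose account has no usable e-mail address; the validator accepts either variant because both still verify before linking.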