In Organizations, a user is not automatically registered to the organization after first login

Hey all!

I’m exploring KC as our next IdP for a product I work on and would like to eventually use the Organizations feature for multitenancy. I’m confused about how a user should be registered to an organization whose domain is identical to the user’s email domain.

Configuration used:
1 realm: orgs
Organization: agency-a (domain: agencya.com)
user: jdoe@agencya.com
Identity Provider: Agency A - and linked it to the organization agency-a

I went to http://localhost:8080/realms/orgs/account/, entered the user’s email (jdoe@agencya.com) on the identity-first page, and then logged in. I navigated back to the console, selected the Organizations tab > Agency-A > Members tab, and noticed the user isn’t automatically registered in the Members tab.

Can someone clarify how a member should be added to their respective Organization? Is there documentation on how to configure users to auto-populate the Members tab after they log in?

Thanks in advance!


I have the same issue… I tried with a clean new realm and did the bare minimum to get organizations working:

  • setup org and linked with IDP (identity provider)
  • create a user with correct email domain to match for that organization
  • I log in with this new user and I get redirected to IDP for that organization (that means things are working, at least I believe that lol)
  • I test members for that organization and it has none…

Overall I feel like there is quite a lot of flaky behavior in Keycloak that isn’t documented, and although there is documentation out there, beyond happy flows it seems to hold little to no value. Maybe it’s just Niko’s YouTube video that has everyone misled…

Don’t know what is misleading in my video.
I’m using the organization feature very successfully at some of my customers; everything works as expected and as designed.

There’s no need to create a user upfront; the user will be created at the time it authenticates through the organization’s IdP. Then the user will be a managed member of the organization.
Existing users will not be added as a managed member of the organization, it was never meant and designed to be. Your expectation might be different.
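Added example for this thread (not code from any of the posts or from the Keycloak project): the reply above says a user who signs in through the organization's IdP becomes a managed member automatically, while a pre-created realm user does not. The script below shows how to check which case applies and, if needed, add the existing user as a member through the Admin REST API (`GET /admin/realms/{realm}/organizations/{id}/members`, `POST .../members` with the user id as the body). It goes slightly beyond the thread by also showing the membership type Keycloak reports for each member. Assumptions: Keycloak 26 with the organization feature enabled at `BASE_URL`, the realm, organization and user from the first post, admin credentials in `KC_ADMIN_USER`/`KC_ADMIN_PASSWORD`, and that the POST body is the raw user id string rather than a JSON-quoted one.

```python
"""Check, and if needed create, organization membership for an existing Keycloak user.

Added example for the thread above; not code from the posts or from Keycloak.
Assumes Keycloak 26 with organizations enabled and an admin in the master realm.
"""
import json
import os
import urllib.parse
import urllib.request
from typing import Any, Dict, List, Optional

BASE_URL = os.environ.get("KC_BASE_URL", "http://localhost:8080")  # assumption: same host as the thread
REALM = "orgs"                  # realm from the first post
ORG_NAME = "agency-a"           # organization from the first post
USER_EMAIL = "jdoe@agencya.com" # pre-created realm user from the first post


def token_request(base: str, username: str, password: str) -> urllib.request.Request:
    """Password grant against the master realm via the built-in public admin-cli client."""
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": username, "password": password}).encode()
    return urllib.request.Request(f"{base}/realms/master/protocol/openid-connect/token",
                                  data=form, method="POST",
                                  headers={"Content-Type": "application/x-www-form-urlencoded"})


def admin_get_request(base: str, realm: str, path: str, token: str, **query: str) -> urllib.request.Request:
    """GET a path under /admin/realms/{realm} with a bearer token and optional query string."""
    qs = "?" + urllib.parse.urlencode(query) if query else ""
    return urllib.request.Request(f"{base}/admin/realms/{realm}/{path}{qs}",
                                  headers={"Authorization": f"Bearer {token}"})


def add_member_request(base: str, realm: str, org_id: str, user_id: str, token: str) -> urllib.request.Request:
    """POST /admin/realms/{realm}/organizations/{org-id}/members.

    The Admin REST API documents the request body as a plain string holding the
    user id. Assumption: it is sent raw (not JSON-quoted). Keycloak answers 201
    on success and an error if the user is unknown or already a member.
    """
    return urllib.request.Request(
        f"{base}/admin/realms/{realm}/organizations/{org_id}/members",
        data=user_id.encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})


def membership_of(members: List[Dict[str, Any]], email: str) -> Optional[str]:
    """Return the member's membershipType (MANAGED or UNMANAGED), or None if not a member.

    Emails are compared case-insensitively because Keycloak stores them lower-cased.
    """
    for member in members:
        if member.get("email", "").lower() == email.lower():
            return member.get("membershipType")
    return None


def call(req: urllib.request.Request):
    """Send a request; returns (status, parsed JSON or None). Raises HTTPError on 4xx/5xx."""
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)


def ensure_member(base: str, realm: str, org_name: str, email: str,
                  admin_user: str, admin_password: str) -> Optional[str]:
    """Make `email` a member of `org_name` if it is not already; return the membership type."""
    _, tok = call(token_request(base, admin_user, admin_password))
    token = tok["access_token"]
    _, orgs = call(admin_get_request(base, realm, "organizations", token, search=org_name, exact="true"))
    org_id = next(o["id"] for o in orgs if o["name"] == org_name)
    _, members = call(admin_get_request(base, realm, f"organizations/{org_id}/members", token))
    kind = membership_of(members, email)
    if kind is not None:
        return kind  # already a member (MANAGED if created via the org IdP login)
    _, users = call(admin_get_request(base, realm, "users", token, email=email, exact="true"))
    user_id = users[0]["id"]  # IndexError if the user does not exist in the realm at all
    call(add_member_request(base, realm, org_id, user_id, token))
    _, members = call(admin_get_request(base, realm, f"organizations/{org_id}/members", token))
    return membership_of(members, email)


if __name__ == "__main__":
    result = ensure_member(BASE_URL, REALM, ORG_NAME, USER_EMAIL,
                           os.environ["KC_ADMIN_USER"], os.environ["KC_ADMIN_PASSWORD"])
    print(f"{USER_EMAIL} is a member of {ORG_NAME} with membershipType={result}")
```

Run it once after creating the user in the admin console and the Members tab will show the user as an unmanaged member; a user who instead arrived through the organization's IdP shows up as managed without any call to the POST endpoint.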

Thanks for the explanation, now it makes sense!

I think the confusion comes from a lack of knowledge of these flows, either from a lack of documentation (the Server Administration Guide is exhaustive) or at least a lack of knowledge of where to find credible information. I am saying this because I see lots of very simple questions raised over and over again, which tells me that people (not only me) seem to be confused about how all of these great features are really supposed to work, and more importantly, how they aren’t.

Is there any resource you can point to, other than the docs, for getting informed on Keycloak features?