Hello all,
Looking for some guidance. I have an external identity provider set up for a realm. I want to create an onboarding/registration experience that goes like this:
- Authenticate via the external identity provider, required.
- Placed into a pending status until additional actions are completed. Something that prevents them from logging into any service providers. Post login group membership check, etc.
- Complete additional checks and setup of their account.
- Set password reset and possibly other actions on their account, i.e. review profile, configure OTP, etc.
- Notify them when those additional actions are completed.

I have created a custom event filter SPI that detects registration events. However, when I try to add an identity provider redirect into the registration auth flow, it errors out. So, I don’t know if it is possible to leverage the registration process. How would I go about detecting new accounts that are created during first broker logins? Is there an event type that detects that? Do I need to create a custom authenticator and add it to the authentication flow to initiate the additional steps (i.e. add them to a queue for processing) that I need to complete before I notify them that their account is ready to go?