Dear Keycloak Community,
we are a non-profit (gemeinnütziger und mildtätiger Verein) called Perma (ZVR 1644988734) and are currently developing PermaplanT, a web app that should support sustainable and bio-diverse gardening.
We integrated Keycloak for login to both our app and Nextcloud.
The app and this integration works great. 
We have a few questions and need help for an onboarding workflow.
Our idea is, that people self-register where they can login in the app (without any rights) but not in Nextcloud (to not create an account which takes disc space).
Once the payment for the current year arrives, they should be added to a group and then get full permissions in the app and also the full amount of storage in Nextcloud.
How to best implement such a workflow?
Which pitfalls are there?
Is there someone who is interested in the web app or generally in sustainability and wants to help us with this and other Keycloak challenges?
If you are interested in a job (currently we cannot hire a Keycloak-only person but are searching for a general sys-admin) please apply here: Ansible-Linux-Hacker*in für Naturschutz und Gemeinwohl in Unterfrauenhaid | willhaben Jobs (Deutsch)
best regards,
Markus (Obmann)