| ## Goals | |
| - 61 | |
| - Wrap up M2 | |
| - Authorization Schema Updated with User and Client Resource Types | |
| - Manage and Evaluate | |
| - CRUD User Resource Type in the Administration Console | |
| - Complete Design of the Evaluation Section | |
| - Open discussion in the community about FGAP v2 |
| - Create Permission UI | |
| # Permissions to manage all users in a realm | |
| * Resource Type: Users <required> | |
| * Scope: update | read | delete | create | |
| * Allow Users: <select a group> | <select role> | <select whatever we think makes sense as a access control mechanism> <mandatory> | |
| # Permissions to manage users from a group and manage groups in a realm | |
| * Resource Type: Group <required> | |
| * Resource: <groupid> <optional> |
The Keycloak Organizations feature introduce changes on how users authenticate to a realm in order to identify whether a user is authenticating in the scope of an organization or the realm.
One of the key changes introduced by the feature in terms of authentication is the introduction of an identity-fist login flow whenever you are authenticating to a realm that has the feature enabled.
In this playbook you will learn about:
In this playbook you are going to follow the basic steps to configure a Keycloak instance to support a common Business-to-Business (B2B) use case where a company wants to integrate with its business partners to allow their employees or customers to access its services.
For that, existing users in a realm are going to be able to join an organization by following a registration link.
In this playbook you will learn about:
How to create an organization in a realm
How to send an invitation link to invite a users in a realm to join an organization
In this playbook you are going to follow the basic steps to configure a Keycloak instance to support a common Business-to-Business (B2B) use case where a company wants to integrate with its business partners to allow their employees or customers to access its services.
For that, users from a business partner are going to be able to create their accounts at the company’s realm by following a registration link and automatically become a member of an organization at the realm that represents the business partner itself.
In this playbook you will learn about:
How to create an organization in a realm
How to send a registration link to invite a non-existent user to join an organization
In this playbook you are going to follow the basic steps to configure a Keycloak instance to support a common Business-to-Business (B2B) use case where a company wants to integrate with its business partners to allow their employees or customers to access its services.
For that, users from a business partner are going to be able to create their accounts at the company’s realm by authenticating with their accounts at the business partner and automatically become a member of an organization at the realm that represents the business partner itself.
While the same use case is already possible without using Keycloak Organizations, the feature provides built-in capabilities that makes a lot easier to solve this problem such as:
Manage third-parties entities in a realm as an organization
Link any of the built-in identity providers to an organization in order to authenticate and onboard its members
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: keycloak-postgres | |
| labels: | |
| service: keycloak | |
| layer: security | |
| spec: | |
| ports: | |
| - port: 5432 |