p2-inc / keycloak-orgs

Single realm, multi-tenancy for SaaS apps
https://phasetwo.io

Microsoft IdP per Tenant #39

Closed ma-ku closed 1 year ago

ma-ku commented 1 year ago

Hi, I am currently playing around with the extension to understand how it works:

My objective is to support a multi-tenant setup with one realm. Each organization should be able to register their own IdP.

Unfortunately, I can only register e.g. Microsoft once since Keycloak itself prevents multiple instances of an IdP per tenant. So how is that accomplished if I would be using the Keycloak-orgs plugin? Or is this a general KC problem/limitation and the plugin does not provide a solution for that?

xgp commented 1 year ago

Correct. That is a restriction of Keycloak. This extension is for using SSO providers associated with an enterprise, not social providers. It is meant to facilitate SAML and OIDC connections to IdPs that are owned by an organization (e.g. Azure AD SAML or Google Workspace SAML, not Microsoft365 or Google Sign-in). Additionally, if you were to associate a social provider IdP with an organization, there would be no way to restrict anyone with that social provider from logging in and being automatically associated with that organization.