Configure the user experience

Set SSO as the only sign-in experience for local users
Read time 1 minuteLast updated 5 days ago

After you have completed the previous tasks, you have enabled SSO but haven't disabled the built-in Keycloak sign-in experience for local accounts. Users can choose to sign-in with their Keycloak credentials or through the configured SSO identity provider. If you must disable sign-in to Keycloak for local accounts, complete these steps:
  1. In Keycloak, go to Configure > Authentication.
  2. On the Flows tab, duplicate the
    browser
    authentication flow.
  3. Name the new flow, for example,
    browser - sso only
    .
  4. Delete the forms section from the new flow.
  5. Set Default Identity Provider to the alias of the identity provider that you have created in the previous task, for example,
    unity
    .
  6. To bind the new flow to the browser flow, complete these steps:
    1. Select the ellipsis menu (…) next to the new flow.
    2. Select Bind flow.
    3. Set the binding type to Browser flow, and then select Save.