Configure the user experience
Set SSO as the only sign-in experience for local users
Read time 1 minuteLast updated 5 days ago
After you have completed the previous tasks, you have enabled SSO but haven't disabled the built-in Keycloak sign-in experience for local accounts. Users can choose to sign-in with their Keycloak credentials or through the configured SSO identity provider. If you must disable sign-in to Keycloak for local accounts, complete these steps:
- In Keycloak, go to Configure > Authentication.
-
On the Flows tab, duplicate the authentication flow.
browser -
Name the new flow, for example, .
browser - sso only - Delete the forms section from the new flow.
-
Set Default Identity Provider to the alias of the identity provider that you have created in the previous task, for example, .
unity -
To bind the new flow to the browser flow, complete these steps:
- Select the ellipsis menu (…) next to the new flow.
- Select Bind flow.
- Set the binding type to Browser flow, and then select Save.