auto flow

infra/values/upc-dev/keycloak-values.yaml

@@ -15,6 +15,29 @@ keycloakConfigCli:
     microsoft-idp.json: |
       {
         "realm": "forte",
+        "authenticationFlows": [
+          {
+            "alias": "auto-link-first-broker-login",
+            "description": "Auto-link IdP accounts to existing users by email",
+            "providerId": "basic-flow",
+            "topLevel": true,
+            "builtIn": false,
+            "authenticationExecutions": [
+              {
+                "authenticator": "idp-create-user-if-unique",
+                "authenticatorFlow": false,
+                "requirement": "ALTERNATIVE",
+                "priority": 10
+              },
+              {
+                "authenticator": "idp-auto-link",
+                "authenticatorFlow": false,
+                "requirement": "ALTERNATIVE",
+                "priority": 20
+              }
+            ]
+          }
+        ],
         "identityProviders": [
           {
             "alias": "forte-entra",
@@ -22,7 +45,7 @@ keycloakConfigCli:
             "providerId": "microsoft",
             "enabled": true,
             "trustEmail": true,
-            "firstBrokerLoginFlowAlias": "first broker login",
+            "firstBrokerLoginFlowAlias": "auto-link-first-broker-login",
             "config": {
               "clientId": "7995d2b5-b798-4caf-8da6-b00b78bb34d7",
               "clientSecret": "$(env:MS_IDP_CLIENT_SECRET)",
@@ -38,7 +61,7 @@ keycloakConfigCli:
             "enabled": true,
             "storeToken": true,
             "trustEmail": true,
-            "firstBrokerLoginFlowAlias": "first broker login",
+            "firstBrokerLoginFlowAlias": "auto-link-first-broker-login",
             "config": {
               "clientId": "7995d2b5-b798-4caf-8da6-b00b78bb34d7",
               "clientSecret": "$(env:MS_IDP_CLIENT_SECRET)",