In Keycloak is there a way to restrict registration for a specific email domains


We are building a POC using keycloak server for IAM. The plan is to use realms to separate out users for different client organizations.

We want to make sure that users registering for a domain can only do so if they have the company's email id.

How do we achieve this? Is there a way that we can limit user registration to email ids ending with @abc.com for a realm?

We are using 4.0.0.beta2 for the POC.


Solution

  • I can't find any standard functionality for this, but it is possible to create a custom authenticator (SPI) that checks the email address. Then, this can be added as an execution step in the "registration" authentication flow, and cancel the registration process if the email domain is not accepted. It probably won't yield nice in-place validation errors though; it would be some kind of error page.

    Seems that there is a task related to this: https://issues.jboss.org/browse/KEYCLOAK-2966
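As an added example (not from this answer or the Keycloak project), here is the domain check written as a step for the registration flow using Keycloak's FormAction SPI, whose validationError call binds the message to the form field and so reports it in place on the registration page. The class name, the config key allowed.domains and the message key emailDomainNotAllowed are assumptions, the javax.ws.rs namespace is the one used by Keycloak 4.x, and the FormActionFactory plus the META-INF/services/org.keycloak.authentication.FormActionFactory entry needed to register the step are not shown.

```java
import java.util.*;
import java.util.stream.Collectors;
import javax.ws.rs.core.MultivaluedMap;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormContext;
import org.keycloak.authentication.ValidationContext;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.*;
import org.keycloak.models.utils.FormMessage;

// Registration-flow step that rejects sign-ups whose e-mail domain is not on the allow-list.
public class EmailDomainFormAction implements FormAction {
    static final String CONFIG_ALLOWED_DOMAINS = "allowed.domains"; // hypothetical config key, set per execution

    @Override
    public void validate(ValidationContext context) {
        MultivaluedMap<String, String> formData = context.getHttpRequest().getDecodedFormParameters();
        String email = formData.getFirst("email"); // field name used by Keycloak's registration form
        if (email == null || !isAllowed(email, allowedDomains(context.getAuthenticatorConfig()))) {
            List<FormMessage> errors = new ArrayList<>();
            // Bind the error to the "email" field so the registration page shows it next to the input
            errors.add(new FormMessage("email", "emailDomainNotAllowed")); // message key is hypothetical
            context.validationError(formData, errors);
            return;
        }
        context.success();
    }

    // Pure check, kept separate so it can be unit-tested without a Keycloak session
    static boolean isAllowed(String email, Set<String> allowedDomains) {
        int at = email.lastIndexOf('@');
        if (at < 0 || at == email.length() - 1) return false;
        return allowedDomains.contains(email.substring(at + 1).toLowerCase(Locale.ROOT));
    }

    private static Set<String> allowedDomains(AuthenticatorConfigModel config) {
        String raw = (config == null || config.getConfig() == null) ? "" : config.getConfig().getOrDefault(CONFIG_ALLOWED_DOMAINS, "");
        return Arrays.stream(raw.split(",")).map(s -> s.trim().toLowerCase(Locale.ROOT))
                .filter(s -> !s.isEmpty()).collect(Collectors.toSet()); // comma-separated, e.g. "abc.com,abc.co.uk"
    }

    @Override public void buildPage(FormContext context, LoginFormsProvider form) { }
    @Override public void success(FormContext context) { }
    @Override public boolean requiresUser() { return false; } // no user exists yet during registration
    @Override public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { return true; }
    @Override public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { }
    @Override public void close() { }
}
```

Once registered, the step is added to a copy of the registration flow's "registration form" sub-flow and marked Required, with the allowed domains entered in its execution config.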