Replies: 5 comments 30 replies
-
After some more more testing and playing around with this feature, I'd love to get this in preview or even supported state. Are there already any plans to elevate this feature? When can we expect this to happen? Especially in EU and more especially in Germany, when working with external IdPs from government parties (like e.g. bundID (federal IdP in Germany for all citizens) or Elster (federal portal for companies/legal entities), who requires you to delete data after some time of inactivity (which is also required by the GDPR in EU), this feature would ease a lot of deployments and custom extensions around user deletion. And Keycloak is heavily used in Germany from public institutions in conjunction with bundID and Elster...! /cc @ahus1 |
Beta Was this translation helpful? Give feedback.
-
We are currently testing this feature and so far it looks pretty good. But we are not finished with testing yet. If we are running into some problems we will let you know :-) |
Beta Was this translation helpful? Give feedback.
-
Instead of using hardcoded mappers, we could also have "default roles for transient users" on realm level or in identity provider level, same could apply for groups. This would ease the configuration a bit. |
Beta Was this translation helpful? Give feedback.
-
The user links in the sessions listing do not work for transient users. I suggest to disable the links for those users and make it possible to distinguish persistent users from transient users. |
Beta Was this translation helpful? Give feedback.
-
The documentation looks okay from my perspective but how about adding an additional part about how to prevent user-profile-review. In case of transient users we will always have the |
Beta Was this translation helpful? Give feedback.
-
Hi @hmlnarik
I'm currently testing the experimental transient users which were introduced with #23977.
So far, it works like expected, but I experienced that a transient user doesn't get the
default-roles-<realm>
role associated. Is this intended or just missing?After a while I discovered somewhere in the docs (or just release notes?) that I have to set this mapping explicitly. After adding the
default-roles-...
in the IdP mappers as a "hardcoded role mapper", it works like a charm. But it isn't/wasn't obvious for me to do this extra step, as regular users will get assigned to the default roles automatically.Thanks & regards!
Beta Was this translation helpful? Give feedback.
All reactions