In a federated setup in keycloak if a user has an account in the upstream IDP the user immediatelly gets access to onyxia and the personal space.
Is there any way so that a role or a group in keycloak is required to get access to onyxia otherwise onyxia to show a banner like " no access please contact admin "
Current behavior :
User has an account on upstream IDP
User is reaching the onyxia url
User logs in the Upstream IDP > keycloak > onyxia
User has access to personal space and can create resources
Desired Behavioour :
User has an account on upstream IDP
User is reaching the onyxia url
User logs in the Upstream IDP > keycloak > onyxia
User has no access to onyxia and gets redirected towards a page that lists contact points to get access.
I was thinking if this is possible via a dedicated group that gets ommited from the onyxia groups something like "default_personal_access" to be required in order to get access to onyxia and being able to launch services. If the group is not assigned to you then you get redirected to a static page .
In a federated setup in keycloak if a user has an account in the upstream IDP the user immediatelly gets access to onyxia and the personal space.
Is there any way so that a role or a group in keycloak is required to get access to onyxia otherwise onyxia to show a banner like " no access please contact admin "
Current behavior :
User has an account on upstream IDP
User is reaching the onyxia url
User logs in the Upstream IDP > keycloak > onyxia
User has access to personal space and can create resources
Desired Behavioour :
User has an account on upstream IDP
User is reaching the onyxia url
User logs in the Upstream IDP > keycloak > onyxia
User has no access to onyxia and gets redirected towards a page that lists contact points to get access.
I was thinking if this is possible via a dedicated group that gets ommited from the onyxia groups something like "default_personal_access" to be required in order to get access to onyxia and being able to launch services. If the group is not assigned to you then you get redirected to a static page .