Versions Compared

Although each realm can vary in what information we collect or what authentication process is set up, there is a minimum set of recommendations that should be followed in each realm setup.

...

Field

Mandatory

Type

1

First name

Mandatory

Native to Keycloak

2

Surname

Mandatory

Native to Keycloak

3

Username

Mandatory

Native to Keycloak

4

Email address

Mandatory

Native to Keycloak.
Keycloak enforces uniqueness of email

5

Phone numberMandatory

Recommended as mandatory

+CCC NNNNNNN
PENDING: can it be set as unique?

6

WhatsAppID

MandatoryOptional

+CCC NNNNNNN

7

Preferred Language

Mandatory

additional field

8

Gender (or User profiling
(Gender, Age, or Age range)

Optional

additional field

9

, Date of birth)

Optionalper realm

additional field

109

Type of worker

per realm

additional field
Drop down value per realm

1110

Employee ID

per realm

additional field

1211

Health Unit

per realm

additional field
Drop down value per realm

1312

City/Town

Optional

additional field
Drop down value per realm

1413

SubNational L2
(rename for each realm)

per realm

additional field
Drop down value per realm

1514

SubNational L1
(rename for each realm)

per realm

additional field
Drop down value per realm

Information not collected:

  • Country: not necessary, as the user will be on a realm that

Use of email

  • Expected for all users. Keycloak will enforce uniqueness within the Realm

  • For self-created accounts, users will receive an email that

...

  • they need to open and visit the suggested URL for email validation

  • For manually created or imported accounts, email will be set to ‘verified’

Setting username

By realm - Keycloak enforces uniqueness

A combination of first name and last name can be used, but it must be consistent across the realm's accounts

  • First Name + “.” + Last Name (rodolfo.melia)

  • Initial First Name + “.” + Last Name (r.melia)

  • Initial First Name + Last Name (rmelia)

Gender

If you ask for gender, consider a 3rd option for ‘do not wish to disclose’

F

Female

M

Male

Do not want to disclose

Self Registration

  • Auto-suggested based on a combination listed above (small custom dev)

  • Will display an error if the username is taken (or, if possible, add a number: rmelia2)

  • Email account will need to be validated (see email section)
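
A sketch of the auto-suggestion step described above, covering the three patterns from "Setting username" and the numeric suffix on collision. This is an added example, not the project's own code: the function names, the pattern keys, the accent-stripping rule and the `taken` set (standing in for a lookup of existing usernames in the realm) are assumptions.

```python
import re
import unicodedata

# The three patterns listed under "Setting username"; a realm picks one
# and applies it to every account. The dictionary keys are hypothetical.
PATTERNS = {
    "first.last": lambda f, l: f"{f}.{l}",      # rodolfo.melia
    "initial.last": lambda f, l: f"{f[0]}.{l}",  # r.melia
    "initiallast": lambda f, l: f"{f[0]}{l}",    # rmelia
}


def _normalise(name):
    """Lower-case, strip accents and keep only a-z (assumed realm rule)."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_name = decomposed.encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z]", "", ascii_name.lower())


def suggest_username(first, last, pattern, taken):
    """Return an unused username, appending 2, 3, ... when the base is taken.

    `taken` is the set of usernames already present in the realm.
    """
    f, l = _normalise(first), _normalise(last)
    if not f or not l:
        # Names with no Latin letters cannot be auto-suggested; the form
        # should fall back to asking the user for a username.
        raise ValueError("first and last name must contain letters a-z")
    base = PATTERNS[pattern](f, l)
    taken_lower = {u.lower() for u in taken}
    candidate, n = base, 2
    while candidate in taken_lower:
        candidate = f"{base}{n}"
        n += 1
    return candidate


if __name__ == "__main__":
    existing = {"rmelia", "rmelia2"}  # constructed sample data
    print(suggest_username("Rodolfo", "Melia", "initiallast", existing))
```

The suggestion is only a hint: another registration can claim the same name between the lookup and account creation, so the uniqueness check Keycloak enforces at creation time remains the authority and the form still needs the "username is taken" error path.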

Authentication guidelines

In general, we will set up Keycloak to mirror PSI’s authentication guidelines, which can be summarised as detailed below.

...

  • 8 characters or more

  • Never expires

  • must include

    • one lower case,

    • one upper case,

    • one number and

    • one special character

  • Not user name

  • Not email

Password recovery

Self-register

PSI’s 2FA: implemented June 2023

...