Blocking New User Logins

A useful user management feature is the ability to freeze the authentication process for one’s tenant, making it impossible for new users to sign in into Nuvla.

This is a different process from blacklisting users, as this will completely block any unregistered users from signing in, while letting existing users authenticate normally.

Each account manager can achieve this within his/her own tenant by following these steps:

  1. on the Authentication panel of the Keycloak portal, create a new Authentication Flow
New authentication flow Save authentication flow Created authentication flow
  1. do not add any other executions or flows under this new flow. Leaving it empty will basically tell Keycloak not to do anything when summoned
  2. since for HNSciCloud user are signing in from external Identity Providers, go to the Identity Providers panel in Keycloak and chose one from the list
IdP
  1. for the First Login Flow configuration parameter, select the new Authentication Flow you’ve created above
Change first authentication flow
  1. repeat steps 3 and 4 for all the Identity Providers in the tenant

And that’s it!

From this point on, new user signing in to Nuvla (or even to Keycloak directly) will get an “Invalid” login (see below) and will not be registered.

Blocked new user

To stop this blockage, just revert the First Login Flow to what it was before, re-doing steps 3 and 4 above, but this time moving the First Login Flow back to first broker login.