Automatic account creation with SSO/LDAP

Hello,

We set up Indico with Keycloak SSO. It seems that the accounts do not exist (and can’t be used) unless the user logs in for the first time. Is it somehow possible to import the users? If this isn’t possible via SSO (which would make sense :wink: ) we may use LDAP and switch back to SSO afterwards.

To add some background: I already have a contribution list for a conference that was created manually and I would like to transfer those into Indico. The speakers are already known but I cannot add them to the session.

Thanks

This is not necessary. You can tick “users with no indico account” when searching for your speakers and it will search in LDAP, and create them once you submit the form adding them as a speaker etc…

Thank you for your answer!

But this is only valid for LDAP? If you authenticate by using SSO this isn’t possible?!

Indeed. SSO by itself does not provide a searchable account database nor a way to get all accounts.

It may be possible for you to mix both: SSO to log in, and LDAP as a backend to get account data (both for logins and searching users). This is easily possible as long as you get a unique identifier from the SSO login that you can use to retrieve user data e.g. from LDAP.

Since you mentioned Keycloak: There is no integration to directly query Keycloak for a list of users, but it would probably not be too hard to develop a flask-multipass backend that integrates with the Keycloak APIs for this.

> It may be possible for you to mix both: SSO to log in, and LDAP as a backend to get account data (both for logins and searching users). This is easily possible as long as you get a unique identifier from the SSO login that you can use to retrieve user data e.g. from LDAP.

I think that would be the best solution for my case. Can you point me to the relevant documentation to set up this mixed mode (SSO for login, LDAP to search users) so that I am able to tick “users with no indico account” when searching for them?

Thanks again for your help!