6. Use cases
This section describes some use cases for the Keycloak app to give deeper insight into the app's capabilities.
6.1. Expired password and change password on next sign-in
In some situations, administrators create a user account with a temporary password that requires the account owner to change their password during their first sign-in. The procedure can be company policy or just considered good practice. Also, for any other reason, such as a lost or compromised user password, the account owner can contact the administrator and request a password change.
See also
- User management module - Account tab
For user account expiration and setting the password upon first login, refer to the UCS 5.0 Manual [2].
To enable these capabilities with Keycloak, the app offers the following extensions. The extensions only provide the capabilities in the UCS realm with the Keycloak app installed.
- Univention LDAP mapper
In Keycloak Admin Console follow
The LDAP mapper reads necessary attributes from the LDAP directory and triggers a password update when needed.
- Univention update password
In Keycloak Admin Console follow
Univention update password provides dialogs and forms in the Keycloak login flow.