Invitation Extension for Keycloak

Invite Users Before They Exist – With Roles, Tenants and Validity Period

Invite partners, customers or project members – without them having to register first. Roles, tenant assignment and validity period are defined with the invitation. What you gain:
  • User onboarding without admins having to create accounts manually
  • Roles and permissions are defined with the invitation
  • Tenant context is clearly defined from the start
Keycloak Extension B2B Onboarding Invitation Flow Multi-Tenant Self-Service

Book a free
consultation call now

Online and fast

available time slots
Choose a time slot
Your benefits with the Invitation Extension:
Controlled onboarding: only invited users get access
Roles and tenants are already assigned when inviting
Time-limited invitations with automatic reminders
API- and UI-based management via the user portal
Delegated admins can send invitations themselves

How the Invitation Extension works

Invitations instead of anonymous registrations

The extension introduces a new concept: the invitation. An invitation is a “pre-created” user with an email address, assigned roles and, optionally, a tenant context.

Create invitation

What is defined in an invitation

Administrators or delegated partner admins create invitations with the following details:
Email address
Unique key for the invitation
Roles & permissions
Assigned automatically upon acceptance
Tenant
Context for multi-tenant environments
Validity period
Invitations expire after a defined time

Accept invitation

What happens during login

The invited user receives a link or logs in with their email address:
Keycloak detects the matching invitation
User is asked whether they accept the invitation
On acceptance: conversion into a real user
Roles and tenant are applied automatically
User immediately has access in the right context

Typical use cases

Where the Invitation Extension is used

B2B partner portals: invite users for dealer or supplier accounts
Tenant-internal administration: partner admins invite team members
Project teams: add external members in a targeted way
Admin roles: assign sensitive permissions only via invitation

Can be combined with other extensions

For complete delegation scenarios

Tenant Extension – Invitations with tenant context
User Portal – Partner admins send invitations themselves
MFA Selection – Define MFA requirement when inviting
License Management – Check quotas per tenant
View all extensions

Frequently asked questions about the Invitation Extension

Invitations, validity, delegation

What happens when an invitation expires?

Can delegated admins send invitations themselves?

Does the extension work with social login or external identity providers?

Can I create invitations via API?

How does the Invitation Extension differ from standard registration?

Invitation Extension for your project

Let’s check together whether the extension fits your requirements.

Frank Tripp Head of Identity & Access Management c.frank.tripp@loginfactor.com 05251 5449490
Frank Tripp