Viewing docs for Keycloak v6.12.0
published on Saturday, Jun 6, 2026 by Pulumi
published on Saturday, Jun 6, 2026 by Pulumi
Viewing docs for Keycloak v6.12.0
published on Saturday, Jun 6, 2026 by Pulumi
published on Saturday, Jun 6, 2026 by Pulumi
Allows creating and managing workflows within Keycloak.
Workflows automate administrative tasks in response to realm events (e.g. onboarding new users, sending notifications). This feature requires Keycloak 26.4 or later and must be enabled with --features=workflows at startup.
Example Usage
Onboard new users
This example mirrors the official Keycloak workflow guide. The example workflow sends the user a welcome notification, then requires them to update their password after 30 days. Finally, it restarts the workflow so the password update requirement repeats every 30 days.
The workflow triggers on every userCreated event.
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const onboarding = new keycloak.Workflow("onboarding", {
realm: realm.id,
name: "onboarding-new-users",
on: "user_created",
enabled: true,
steps: [
{
uses: "notify-user",
config: {
message: `<p>Dear \${user.firstName} \${user.lastName}, </p>
<p>Welcome to \${realm.displayName}!</p>
<p>
Best regards,<br/>
The Keycloak Team
</p>
`,
},
},
{
uses: "set-user-required-action",
after: "2592000000",
config: {
action: "UPDATE_PASSWORD",
},
},
{
uses: "restart",
config: {
position: "1",
},
},
],
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
onboarding = keycloak.Workflow("onboarding",
realm=realm.id,
name="onboarding-new-users",
on="user_created",
enabled=True,
steps=[
{
"uses": "notify-user",
"config": {
"message": """<p>Dear ${user.firstName} ${user.lastName}, </p>
<p>Welcome to ${realm.displayName}!</p>
<p>
Best regards,<br/>
The Keycloak Team
</p>
""",
},
},
{
"uses": "set-user-required-action",
"after": "2592000000",
"config": {
"action": "UPDATE_PASSWORD",
},
},
{
"uses": "restart",
"config": {
"position": "1",
},
},
])
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = keycloak.NewWorkflow(ctx, "onboarding", &keycloak.WorkflowArgs{
Realm: realm.ID(),
Name: pulumi.String("onboarding-new-users"),
On: pulumi.String("user_created"),
Enabled: pulumi.Bool(true),
Steps: keycloak.WorkflowStepArray{
&keycloak.WorkflowStepArgs{
Uses: pulumi.String("notify-user"),
Config: pulumi.StringMap{
"message": pulumi.String(`<p>Dear ${user.firstName} ${user.lastName}, </p>
<p>Welcome to ${realm.displayName}!</p>
<p>
Best regards,<br/>
The Keycloak Team
</p>
`),
},
},
&keycloak.WorkflowStepArgs{
Uses: pulumi.String("set-user-required-action"),
After: pulumi.String("2592000000"),
Config: pulumi.StringMap{
"action": pulumi.String("UPDATE_PASSWORD"),
},
},
&keycloak.WorkflowStepArgs{
Uses: pulumi.String("restart"),
Config: pulumi.StringMap{
"position": pulumi.String("1"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var onboarding = new Keycloak.Workflow("onboarding", new()
{
Realm = realm.Id,
Name = "onboarding-new-users",
On = "user_created",
Enabled = true,
Steps = new[]
{
new Keycloak.Inputs.WorkflowStepArgs
{
Uses = "notify-user",
Config =
{
{ "message", @"<p>Dear ${user.firstName} ${user.lastName}, </p>
<p>Welcome to ${realm.displayName}!</p>
<p>
Best regards,<br/>
The Keycloak Team
</p>
" },
},
},
new Keycloak.Inputs.WorkflowStepArgs
{
Uses = "set-user-required-action",
After = "2592000000",
Config =
{
{ "action", "UPDATE_PASSWORD" },
},
},
new Keycloak.Inputs.WorkflowStepArgs
{
Uses = "restart",
Config =
{
{ "position", "1" },
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.Workflow;
import com.pulumi.keycloak.WorkflowArgs;
import com.pulumi.keycloak.inputs.WorkflowStepArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var onboarding = new Workflow("onboarding", WorkflowArgs.builder()
.realm(realm.id())
.name("onboarding-new-users")
.on("user_created")
.enabled(true)
.steps(
WorkflowStepArgs.builder()
.uses("notify-user")
.config(Map.of("message", """
<p>Dear ${user.firstName} ${user.lastName}, </p>
<p>Welcome to ${realm.displayName}!</p>
<p>
Best regards,<br/>
The Keycloak Team
</p>
"""))
.build(),
WorkflowStepArgs.builder()
.uses("set-user-required-action")
.after("2592000000")
.config(Map.of("action", "UPDATE_PASSWORD"))
.build(),
WorkflowStepArgs.builder()
.uses("restart")
.config(Map.of("position", "1"))
.build())
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
onboarding:
type: keycloak:Workflow
properties:
realm: ${realm.id}
name: onboarding-new-users
on: user_created
enabled: true
steps:
- uses: notify-user
config:
message: |
<p>Dear $${user.firstName} $${user.lastName}, </p>
<p>Welcome to $${realm.displayName}!</p>
<p>
Best regards,<br/>
The Keycloak Team
</p>
- uses: set-user-required-action
after: '2592000000'
config:
action: UPDATE_PASSWORD
- uses: restart
config:
position: '1'
pulumi {
required_providers {
keycloak = {
source = "pulumi/keycloak"
}
}
}
resource "keycloak_realm" "realm" {
realm = "my-realm"
enabled = true
}
resource "keycloak_workflow" "onboarding" {
realm = keycloak_realm.realm.id
name = "onboarding-new-users"
on = "user_created"
enabled = true
steps {
uses = "notify-user"
config = {
"message" = "<p>Dear $${user.firstName} $${user.lastName}, </p>\n<p>Welcome to $${realm.displayName}!</p>\n<p>\n Best regards,<br/>\n The Keycloak Team\n</p>\n"
}
}
steps {
uses = "set-user-required-action"
after = "2592000000"
config = {
"action" = "UPDATE_PASSWORD"
}
}
steps {
uses = "restart"
config = {
"position" = "1"
}
}
}
Notify then delete a user after account creation
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const offboard = new keycloak.Workflow("offboard", {
realm: realm.id,
name: "offboard-users",
on: "user_created",
enabled: true,
steps: [
{
uses: "notify-user",
after: "2505600000",
config: {
emailTemplate: "offboarding-warning",
},
},
{
uses: "delete-user",
after: "2592000000",
},
],
});
import pulumi
import pulumi_keycloak as keycloak
offboard = keycloak.Workflow("offboard",
realm=realm["id"],
name="offboard-users",
on="user_created",
enabled=True,
steps=[
{
"uses": "notify-user",
"after": "2505600000",
"config": {
"emailTemplate": "offboarding-warning",
},
},
{
"uses": "delete-user",
"after": "2592000000",
},
])
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := keycloak.NewWorkflow(ctx, "offboard", &keycloak.WorkflowArgs{
Realm: pulumi.Any(realm.Id),
Name: pulumi.String("offboard-users"),
On: pulumi.String("user_created"),
Enabled: pulumi.Bool(true),
Steps: keycloak.WorkflowStepArray{
&keycloak.WorkflowStepArgs{
Uses: pulumi.String("notify-user"),
After: pulumi.String("2505600000"),
Config: pulumi.StringMap{
"emailTemplate": pulumi.String("offboarding-warning"),
},
},
&keycloak.WorkflowStepArgs{
Uses: pulumi.String("delete-user"),
After: pulumi.String("2592000000"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var offboard = new Keycloak.Workflow("offboard", new()
{
Realm = realm.Id,
Name = "offboard-users",
On = "user_created",
Enabled = true,
Steps = new[]
{
new Keycloak.Inputs.WorkflowStepArgs
{
Uses = "notify-user",
After = "2505600000",
Config =
{
{ "emailTemplate", "offboarding-warning" },
},
},
new Keycloak.Inputs.WorkflowStepArgs
{
Uses = "delete-user",
After = "2592000000",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Workflow;
import com.pulumi.keycloak.WorkflowArgs;
import com.pulumi.keycloak.inputs.WorkflowStepArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var offboard = new Workflow("offboard", WorkflowArgs.builder()
.realm(realm.id())
.name("offboard-users")
.on("user_created")
.enabled(true)
.steps(
WorkflowStepArgs.builder()
.uses("notify-user")
.after("2505600000")
.config(Map.of("emailTemplate", "offboarding-warning"))
.build(),
WorkflowStepArgs.builder()
.uses("delete-user")
.after("2592000000")
.build())
.build());
}
}
resources:
offboard:
type: keycloak:Workflow
properties:
realm: ${realm.id}
name: offboard-users
on: user_created
enabled: true
steps:
- uses: notify-user
after: '2505600000'
config:
emailTemplate: offboarding-warning
- uses: delete-user
after: '2592000000'
pulumi {
required_providers {
keycloak = {
source = "pulumi/keycloak"
}
}
}
resource "keycloak_workflow" "offboard" {
realm = realm.id
name = "offboard-users"
on = "user_created"
enabled = true
steps {
uses = "notify-user"
after = "2505600000"
config = {
"emailTemplate" = "offboarding-warning"
}
}
steps {
uses = "delete-user"
after = "2592000000"
}
}
Create Workflow Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Workflow(name: string, args: WorkflowArgs, opts?: CustomResourceOptions);@overload
def Workflow(resource_name: str,
args: WorkflowArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Workflow(resource_name: str,
opts: Optional[ResourceOptions] = None,
on: Optional[str] = None,
realm: Optional[str] = None,
steps: Optional[Sequence[WorkflowStepArgs]] = None,
cancel_in_progress: Optional[str] = None,
conditions: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
restart_in_progress: Optional[str] = None)func NewWorkflow(ctx *Context, name string, args WorkflowArgs, opts ...ResourceOption) (*Workflow, error)public Workflow(string name, WorkflowArgs args, CustomResourceOptions? opts = null)
public Workflow(String name, WorkflowArgs args)
public Workflow(String name, WorkflowArgs args, CustomResourceOptions options)
type: keycloak:Workflow
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "keycloak_workflow" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args WorkflowArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WorkflowArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WorkflowArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WorkflowArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WorkflowArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var workflowResource = new Keycloak.Workflow("workflowResource", new()
{
On = "string",
Realm = "string",
Steps = new[]
{
new Keycloak.Inputs.WorkflowStepArgs
{
Uses = "string",
After = "string",
Config =
{
{ "string", "string" },
},
},
},
CancelInProgress = "string",
Conditions = "string",
Enabled = false,
Name = "string",
RestartInProgress = "string",
});
example, err := keycloak.NewWorkflow(ctx, "workflowResource", &keycloak.WorkflowArgs{
On: pulumi.String("string"),
Realm: pulumi.String("string"),
Steps: keycloak.WorkflowStepArray{
&keycloak.WorkflowStepArgs{
Uses: pulumi.String("string"),
After: pulumi.String("string"),
Config: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
},
CancelInProgress: pulumi.String("string"),
Conditions: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
RestartInProgress: pulumi.String("string"),
})
resource "keycloak_workflow" "workflowResource" {
on = "string"
realm = "string"
steps {
uses = "string"
after = "string"
config = {
"string" = "string"
}
}
cancel_in_progress = "string"
conditions = "string"
enabled = false
name = "string"
restart_in_progress = "string"
}
var workflowResource = new Workflow("workflowResource", WorkflowArgs.builder()
.on("string")
.realm("string")
.steps(WorkflowStepArgs.builder()
.uses("string")
.after("string")
.config(Map.of("string", "string"))
.build())
.cancelInProgress("string")
.conditions("string")
.enabled(false)
.name("string")
.restartInProgress("string")
.build());
workflow_resource = keycloak.Workflow("workflowResource",
on="string",
realm="string",
steps=[{
"uses": "string",
"after": "string",
"config": {
"string": "string",
},
}],
cancel_in_progress="string",
conditions="string",
enabled=False,
name="string",
restart_in_progress="string")
const workflowResource = new keycloak.Workflow("workflowResource", {
on: "string",
realm: "string",
steps: [{
uses: "string",
after: "string",
config: {
string: "string",
},
}],
cancelInProgress: "string",
conditions: "string",
enabled: false,
name: "string",
restartInProgress: "string",
});
type: keycloak:Workflow
properties:
cancelInProgress: string
conditions: string
enabled: false
name: string
"on": string
realm: string
restartInProgress: string
steps:
- after: string
config:
string: string
uses: string
Workflow Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Workflow resource accepts the following input properties:
- On string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - Realm string
- The realm this workflow exists in. Changing this forces a new resource.
- Steps
List<Workflow
Step> - One or more step blocks defining the actions to execute, in order.
- Cancel
In stringProgress - Event that cancels an in-progress workflow execution.
- Conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - Enabled bool
- Whether the workflow is enabled. Defaults to
true. - Name string
- The name of the workflow.
- Restart
In stringProgress - Event that restarts an in-progress workflow execution.
- On string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - Realm string
- The realm this workflow exists in. Changing this forces a new resource.
- Steps
[]Workflow
Step Args - One or more step blocks defining the actions to execute, in order.
- Cancel
In stringProgress - Event that cancels an in-progress workflow execution.
- Conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - Enabled bool
- Whether the workflow is enabled. Defaults to
true. - Name string
- The name of the workflow.
- Restart
In stringProgress - Event that restarts an in-progress workflow execution.
- on string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm string
- The realm this workflow exists in. Changing this forces a new resource.
- steps list(object)
- One or more step blocks defining the actions to execute, in order.
- cancel_
in_ stringprogress - Event that cancels an in-progress workflow execution.
- conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled bool
- Whether the workflow is enabled. Defaults to
true. - name string
- The name of the workflow.
- restart_
in_ stringprogress - Event that restarts an in-progress workflow execution.
- on String
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm String
- The realm this workflow exists in. Changing this forces a new resource.
- steps
List<Workflow
Step> - One or more step blocks defining the actions to execute, in order.
- cancel
In StringProgress - Event that cancels an in-progress workflow execution.
- conditions String
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled Boolean
- Whether the workflow is enabled. Defaults to
true. - name String
- The name of the workflow.
- restart
In StringProgress - Event that restarts an in-progress workflow execution.
- on string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm string
- The realm this workflow exists in. Changing this forces a new resource.
- steps
Workflow
Step[] - One or more step blocks defining the actions to execute, in order.
- cancel
In stringProgress - Event that cancels an in-progress workflow execution.
- conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled boolean
- Whether the workflow is enabled. Defaults to
true. - name string
- The name of the workflow.
- restart
In stringProgress - Event that restarts an in-progress workflow execution.
- on str
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm str
- The realm this workflow exists in. Changing this forces a new resource.
- steps
Sequence[Workflow
Step Args] - One or more step blocks defining the actions to execute, in order.
- cancel_
in_ strprogress - Event that cancels an in-progress workflow execution.
- conditions str
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled bool
- Whether the workflow is enabled. Defaults to
true. - name str
- The name of the workflow.
- restart_
in_ strprogress - Event that restarts an in-progress workflow execution.
- on String
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm String
- The realm this workflow exists in. Changing this forces a new resource.
- steps List<Property Map>
- One or more step blocks defining the actions to execute, in order.
- cancel
In StringProgress - Event that cancels an in-progress workflow execution.
- conditions String
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled Boolean
- Whether the workflow is enabled. Defaults to
true. - name String
- The name of the workflow.
- restart
In StringProgress - Event that restarts an in-progress workflow execution.
Outputs
All input properties are implicitly available as output properties. Additionally, the Workflow resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Workflow Resource
Get an existing Workflow resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WorkflowState, opts?: CustomResourceOptions): Workflow@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cancel_in_progress: Optional[str] = None,
conditions: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
on: Optional[str] = None,
realm: Optional[str] = None,
restart_in_progress: Optional[str] = None,
steps: Optional[Sequence[WorkflowStepArgs]] = None) -> Workflowfunc GetWorkflow(ctx *Context, name string, id IDInput, state *WorkflowState, opts ...ResourceOption) (*Workflow, error)public static Workflow Get(string name, Input<string> id, WorkflowState? state, CustomResourceOptions? opts = null)public static Workflow get(String name, Output<String> id, WorkflowState state, CustomResourceOptions options)resources: _: type: keycloak:Workflow get: id: ${id}import {
to = keycloak_workflow.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cancel
In stringProgress - Event that cancels an in-progress workflow execution.
- Conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - Enabled bool
- Whether the workflow is enabled. Defaults to
true. - Name string
- The name of the workflow.
- On string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - Realm string
- The realm this workflow exists in. Changing this forces a new resource.
- Restart
In stringProgress - Event that restarts an in-progress workflow execution.
- Steps
List<Workflow
Step> - One or more step blocks defining the actions to execute, in order.
- Cancel
In stringProgress - Event that cancels an in-progress workflow execution.
- Conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - Enabled bool
- Whether the workflow is enabled. Defaults to
true. - Name string
- The name of the workflow.
- On string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - Realm string
- The realm this workflow exists in. Changing this forces a new resource.
- Restart
In stringProgress - Event that restarts an in-progress workflow execution.
- Steps
[]Workflow
Step Args - One or more step blocks defining the actions to execute, in order.
- cancel_
in_ stringprogress - Event that cancels an in-progress workflow execution.
- conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled bool
- Whether the workflow is enabled. Defaults to
true. - name string
- The name of the workflow.
- on string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm string
- The realm this workflow exists in. Changing this forces a new resource.
- restart_
in_ stringprogress - Event that restarts an in-progress workflow execution.
- steps list(object)
- One or more step blocks defining the actions to execute, in order.
- cancel
In StringProgress - Event that cancels an in-progress workflow execution.
- conditions String
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled Boolean
- Whether the workflow is enabled. Defaults to
true. - name String
- The name of the workflow.
- on String
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm String
- The realm this workflow exists in. Changing this forces a new resource.
- restart
In StringProgress - Event that restarts an in-progress workflow execution.
- steps
List<Workflow
Step> - One or more step blocks defining the actions to execute, in order.
- cancel
In stringProgress - Event that cancels an in-progress workflow execution.
- conditions string
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled boolean
- Whether the workflow is enabled. Defaults to
true. - name string
- The name of the workflow.
- on string
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm string
- The realm this workflow exists in. Changing this forces a new resource.
- restart
In stringProgress - Event that restarts an in-progress workflow execution.
- steps
Workflow
Step[] - One or more step blocks defining the actions to execute, in order.
- cancel_
in_ strprogress - Event that cancels an in-progress workflow execution.
- conditions str
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled bool
- Whether the workflow is enabled. Defaults to
true. - name str
- The name of the workflow.
- on str
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm str
- The realm this workflow exists in. Changing this forces a new resource.
- restart_
in_ strprogress - Event that restarts an in-progress workflow execution.
- steps
Sequence[Workflow
Step Args] - One or more step blocks defining the actions to execute, in order.
- cancel
In StringProgress - Event that cancels an in-progress workflow execution.
- conditions String
- An expression that must evaluate to true for the workflow to run (e.g.
has-role('some-role')). - enabled Boolean
- Whether the workflow is enabled. Defaults to
true. - name String
- The name of the workflow.
- on String
- The realm event that triggers the workflow. Supported values:
userCreated,userRemoved,userAuthenticated,userFederatedIdentityAdded,userFederatedIdentityRemoved,userGroupMembershipAdded,userGroupMembershipRemoved,userRoleGranted,userRoleRevoked. - realm String
- The realm this workflow exists in. Changing this forces a new resource.
- restart
In StringProgress - Event that restarts an in-progress workflow execution.
- steps List<Property Map>
- One or more step blocks defining the actions to execute, in order.
Supporting Types
WorkflowStep, WorkflowStepArgs
Import
Workflows can be imported using the format {{realm}}/{{workflow_id}}, where realm is the realm name and workflowId is the unique ID Keycloak assigns upon creation.
$ pulumi import keycloak:index/workflow:Workflow disable_inactive my-realm/cec54914-b702-4c7b-9431-b407817d059a
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.
Viewing docs for Keycloak v6.12.0
published on Saturday, Jun 6, 2026 by Pulumi
published on Saturday, Jun 6, 2026 by Pulumi