From 031b6604a2cbba8aa5e5dd9844572c577481a2c4 Mon Sep 17 00:00:00 2001
From: Stefan Guilhen
Date: Tue, 31 Mar 2026 17:15:17 -0300
Subject: [PATCH] Ensure all workflow steps are described in the documentation.
- also change name of add/remove required action providers to better align with other step providers.
Closes #47655
Signed-off-by: Stefan Guilhen
---
 .../topics/workflows/defining-steps.adoc | 46 ++++++++++++++-----
 .../understanding-workflow-definition.adoc | 4 +-
 .../AddRequiredActionStepProviderFactory.java | 2 +-
 ...moveRequiredActionStepProviderFactory.java | 2 +-
 4 files changed, 39 insertions(+), 15 deletions(-)
diff --git a/docs/documentation/server_admin/topics/workflows/defining-steps.adoc b/docs/documentation/server_admin/topics/workflows/defining-steps.adoc
index 4af9eb7c5a1..b17ef595b48 100644
--- a/docs/documentation/server_admin/topics/workflows/defining-steps.adoc
+++ b/docs/documentation/server_admin/topics/workflows/defining-steps.adoc
@@ -64,22 +64,46 @@ on the realm resource associated with the event, so that each realm resource typ |Step |Description |Configuration -| `set-user-required-action` | Set a required action to the user a| +| `add-required-action` | Add a required action to the user a| * `action`: The name of the required action -| `delete-user` | Delete the user | None -| `disable-user` | Disable the user | None +| `remove-required-action` | Remove a required action from the user a| +* `action`: The name of the required action +| `grant-role` | Grant one or more roles to the user a| +* `role`: One or more role names to grant. This can be a single value or a list of values (e.g., `[value1, value2]`) +| `revoke-role` | Revoke one or more roles from the user a| +* `role`: One or more role names to revoke. This can be a single value or a list of values (e.g., `[value1, value2]`) +| `join-group` | Add the user to one or more groups a| +* `group`: One or more group names or paths to join. This can be a single value or a list of values (e.g., `[value1, value2]`) +| `leave-group` | Remove the user from one or more groups a| +* `group`: One or more group names or paths to leave. This can be a single value or a list of values (e.g., `[value1, value2]`) +| `set-user-attribute` | Set one or more attributes on the user. Allows providing multiple ``/`` pairs a| +* ``: The attribute name +* ``: The value of the attribute +| `remove-user-attribute` | Remove one or more attributes from the user a| +* `attribute`: One or more attribute names to remove. This can be a single value or a list of values (e.g., `[value1, value2]`) +| `notify-user` | Notify the user by email a| +* `subject`: The email subject +* `message`: The email message in plain text or HTML format +* `to`: The recipient email address. If not provided, the user's email address will be used | `unlink-user` | Unlink the user from one or more external Identity Providers a| * `idp`: One or more Identity Provider aliases to unlink. 
This can be: ** Single value -** List of values (i.e., `["value", "value2"]`) +** List of values (e.g., `[value1, value2]`) ** `*` to unlink user from all linked Identity Providers -| `notify-user` | Notify the user by email a| -- `subject`: The email subject -- `message`: The email message in plain text or HTML format -- `to`: The recipient email address. If not provided, the user's email address will be used -| `set-user-attribute` | Set an attribute to the user. Allows providing multiple ``/`` pairs a| -- ``: The attribute name -- ``: The value of the attribute +| `disable-user` | Disable the user | None +| `delete-user` | Delete the user | None +|=== + +[[_workflow_client_steps_]] +== Client steps + +[cols="3*", options="header"] +|=== +|Step +|Description +|Configuration +| `delete-client` | Delete the client | None +| `disable-client` | Disable the client | None |=== [[_workflow_immediate_steps_]] diff --git a/docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc b/docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc index 0df47a0d17b..241ea1b1c4f 100644 --- a/docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc +++ b/docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc @@ -24,7 +24,7 @@ steps: Best regards,
${realm.displayName} Team

- - uses: set-user-required-action
+ - uses: add-required-action
 after: 30d
 with:
 action: UPDATE_PASSWORD
@@ -40,7 +40,7 @@ It is composed of three main sections:
 * `on`: The event that will trigger the workflow. In this case, the workflow is triggered when a new user is added to the realm.
 * `steps`: A set of one or more steps to be executed when executing a workflow execution. In this example, three steps are defined:
 1. The first step uses the built-in `notify-user` action to send a welcome message to the new user.
- 2. The second step uses the built-in `set-user-required-action` action to require the user to update their password after 30 days.
+ 2. The second step uses the built-in `add-required-action` action to require the user to update their password after 30 days.
 3. The third step uses the built-in `restart` action to restart the workflow from the second step so that the user is forced to update their password every 30 days.
 Here is a more detailed look at all settings available from the workflow definition:
diff --git a/services/src/main/java/org/keycloak/models/workflow/AddRequiredActionStepProviderFactory.java b/services/src/main/java/org/keycloak/models/workflow/AddRequiredActionStepProviderFactory.java
index 46544c29add..6eb8e69d810 100644
--- a/services/src/main/java/org/keycloak/models/workflow/AddRequiredActionStepProviderFactory.java
+++ b/services/src/main/java/org/keycloak/models/workflow/AddRequiredActionStepProviderFactory.java
@@ -7,7 +7,7 @@ import org.keycloak.models.KeycloakSession;
 public class AddRequiredActionStepProviderFactory implements WorkflowStepProviderFactory {
- public static final String ID = "set-user-required-action";
+ public static final String ID = "add-required-action";
 @Override
 public AddRequiredActionStepProvider create(KeycloakSession session, ComponentModel model) {
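Review bot: The new `ID = "add-required-action"` replaces the name that workflow definitions reference through `uses:`, and nothing in this four-file commit keeps the old `set-user-required-action` name resolvable. A workflow stored before the upgrade that relies on the old name, such as the documented one that forces `UPDATE_PASSWORD` every 30 days, would presumably stop resolving that step, so the enforcement it provides could lapse or the workflow could fail to load; how an unknown step id is handled is not visible in this hunk. Consider accepting the old id as a deprecated alias or migrating stored definitions, and at minimum record the rename next to the constant, e.g. `// renamed from "set-user-required-action"; existing workflow definitions must be updated`, together with an upgrade note. The same point applies to the `remove-user-required-action` to `remove-required-action` change in RemoveRequiredActionStepProviderFactory. The class body and `create` continue outside the hunk.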
diff --git a/services/src/main/java/org/keycloak/models/workflow/RemoveRequiredActionStepProviderFactory.java b/services/src/main/java/org/keycloak/models/workflow/RemoveRequiredActionStepProviderFactory.java
index 93098dea24e..544a5522775 100644
--- a/services/src/main/java/org/keycloak/models/workflow/RemoveRequiredActionStepProviderFactory.java
+++ b/services/src/main/java/org/keycloak/models/workflow/RemoveRequiredActionStepProviderFactory.java
@@ -7,7 +7,7 @@ import org.keycloak.models.KeycloakSession;
 public class RemoveRequiredActionStepProviderFactory implements WorkflowStepProviderFactory {
- public static final String ID = "remove-user-required-action";
+ public static final String ID = "remove-required-action";
 @Override
 public RemoveRequiredActionStepProvider create(KeycloakSession session, ComponentModel model) {