Assigning group automatically when a user sign in from an IDP

1,630 views
Skip to first unread message

Kibrom Abraha

unread,
Jul 23, 2020, 9:00:48 AM7/23/20
to Keycloak User
Hi all,
Here is the requirement we are having issue with.
We have a list of groups in keycloak.
Users are coming from external IDP(Identity providers).
When a user comes for the first time from an external IDP, we want to assign it to one of the available groups automatically. We have already added the IDPs and groups in keycloak server, and we know the mapping before the user tries to signin/register using the external IDP. 

Thanks,

Kalithasan Periyasamy

unread,
Oct 28, 2021, 11:35:02 AM10/28/21
to Keycloak User
Hi, 
Did you get any solution to map groups to user from external IDP ? 
if you have, please share to me.

Thanks in advance.

David Kanenwisher

unread,
Nov 3, 2021, 10:46:55 AM11/3/21
to Keycloak User
I don't think it's supported by standard Keycloak configuration. You'll most likely need to implement one of the Service Provider Interfaces. I've done something similar with the User Storage SPI but I suspect that's more than is needed here. You may be able to just use the Event Listener SPI and add the group to the user through the Keycloak API when a new user logs in from an IDP.

Hope that helps!

David

Schuster Sebastian (IOC/PAU1)

unread,
Nov 3, 2021, 11:43:02 AM11/3/21
to David Kanenwisher, Keycloak User

We have opened a PR for a mapper that would probably support this: https://github.com/keycloak/keycloak/pull/8467

 

Mit freundlichen Grüßen / Best regards

Dr.-Ing. Sebastian Schuster

Product Area User Management (IOC/PAU1)
Robert Bosch GmbH | Postfach 10 60 50 | 70049 Stuttgart | GERMANY | www.bosch.com
Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Telefax +49 30 726112-100 | Sebastian...@bosch.io

Sitz: Stuttgart, Registergericht: Amtsgericht Stuttgart, HRB 14000;
Aufsichtsratsvorsitzender: Franz Fehrenbach; Geschäftsführung: Dr. Volkmar Denner,
Prof. Dr. Stefan Asenkerschbaumer, Filiz Albrecht, Dr. Christian Fischer, Dr. Stefan Hartung,
Dr. Markus Heyn, Harald Kröger, Rolf Najork

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/c46639a5-0333-4fd1-85de-49745cc35c1an%40googlegroups.com.

Reply all
Reply to author
Forward
0 new messages