Groups claim not getting added #30113
Your IDP mapper looks a bit suspicious. In Keycloak 23, there is an additional config value "User Attribute Name", which is either not shown in your screenshot or somehow does not exist in your setup. ("User Attribute Name" should be "groups" in your case.) Btw, have you tried to log in at Entra ID directly and checked that groups are actually contained in the token? Furthermore, there is an issue in case of many groups in Entra ID: If a user has many groups, only a shortened claim is returned, with a link to all groups. Maybe you would also like to have a look at this discourse discussion, which provides some more insights on this topic: https://keycloak.discourse.group/t/groups-from-azure-ad/4876/7
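The check suggested in the reply above, as an added example that is not part of the original reply or of Keycloak: it decodes a token obtained from Entra ID and reports whether `groups` is carried inline, replaced by the overage pointer (`_claim_names` / `_claim_sources`, or `hasgroups`), or absent. The function names and the sample tokens are constructed for illustration, and the payload is decoded for diagnosis only, without signature verification.

```python
import base64
import json


def decode_payload(jwt):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def groups_status(claims):
    """Return 'inline', 'overage' or 'absent' for the groups claim."""
    groups = claims.get("groups")
    if isinstance(groups, list) and groups:
        return "inline"
    # Overage: the list is replaced by a pointer to the full membership.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups") in (True, "true"):
        return "overage"
    return "absent"


def overage_endpoint(claims):
    """Return the link to the full group list from an overage token, if any."""
    source = claims.get("_claim_names", {}).get("groups")
    return claims.get("_claim_sources", {}).get(source, {}).get("endpoint")


def make_sample(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


# Constructed sample tokens (not captured from any real tenant).
SAMPLES = {
    "inline": make_sample({"sub": "u1", "groups": ["00000000-0000-0000-0000-000000000001"]}),
    "overage": make_sample({"sub": "u2", "_claim_names": {"groups": "src1"},
        "_claim_sources": {"src1": {"endpoint": "https://graph.example.invalid/placeholder"}}}),
    "absent": make_sample({"sub": "u3"}),
}

if __name__ == "__main__":
    for name, token in SAMPLES.items():
        claims = decode_payload(token)
        print(name, groups_status(claims), overage_endpoint(claims))
```

An `absent` result on the Entra ID token points at the Azure-side claim configuration; `inline` there with no groups in the Keycloak token points at the IDP mapper.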
Version: 24.0.4
We are doing SSO login using Azure Entra ID and we want the groups claim to be mapped to the KC token from Azure's id token.
On Azure side we have configured it like this, as their documentation instructs:
On Keycloak side, we have:
But despite all this, the KC token does not contain the groups claim. I believe I am missing some "magic configuration" which will finally make the claim appear. Any help is highly appreciated.