Automatic role/group assignment according to e-mail?

I’m running Keycloak on, and I’ve got open registrations set up.

Now, for all users with a (verified) e-mail address *, I’d like to automatically assign them to a role or a group (something like local or trusted). Is this possible?

Obviously, I could do this on the client-side too, but this way I could avoid hard-coding the e-mail domain in the app, as well as the “doubled” if (group == 'local' OR email.endsWith( check, so I wonder. Thanks in advance!

If you want to do it as part of Registration, you can override RegistrationUserCreation (keycloak/ at master · keycloak/keycloak · GitHub) and automatically add the new user to the role/group there. Note this will only work for new users.