"Claim to User Group" Mapper

Hi all

I have an OIDC Identity Provider setup in Keycloak, and mapping incoming claims using the “Claim to Role” mapper - which is working fine.

However, I am looking for a way to map “Claim to Group” (i.e. a User Group defined in Keycloak) such that an incoming claim maps directly to a User Group which then in term adds all the Roles associated to the User Group as Claims. I cannot see anything in the documentation describing such a solution. Is this possible “out-of-the-box” - or are we talking Service Provider Interfaces (SPI) and some custom code in order to achieve this?

I guess that applying the “Claim to Role” mapper for all the Roles in a specific User Group would achieve the same result - but I am searching for a “smarter” solution - such as a “Claim to Group” mapper. :slight_smile:

Thank you in advance,


Also wanted to know this… did you reached the solution, @regin ?

Hi @MiguelAngeloC & @regin

I stumbled over the same thing. Did you maybe manage to find a solution to this? :slight_smile:

I’m looking for the same :smiley:

I have a similar need and since mapping to a Group does not ssem to work I am working with a “composite role” now to “group” the other necessary roles together.