I am trying to use client credentials grant for a back-end service using Keycloak as an identity broker for Azure AD. I also need to store access token from external IdP in Keycloak to retrieve group information from MS Graph API. I have this use case working for a confidential client using authorization code flow but I can’t get it to work with client credentials grant. I have created a “confidential” client in Keycloak with “Service Accounts Enabled” enabled. I have a also created an application in Azure AD with client credentials grant enabled and created a external Identity Provider in Keycloak. I get the access token from Keycloak after authenticating using client_id and client_secret but when I try to retrieve external IdP access token from Keycloak endpoint, I get an error message that says, “User [GUID] is not associated with identity provider”. First of all, I am not sure if this is a supported use case. I’d appreciate any suggestions or feedback.