I have added Azure AD as an identity provider in Keycloak, and I have set the first login flow to “first broker login”. When a user logs in, I see that a user gets added to Keycloak and an IDP link is created with the provider ID populated from the “sub” claim. Is it possible to configure it so that I get the email as the provider ID in the IDP link of the user? If yes, how can we do it?
Hey, I don’t have an elegant answer for your use case, but I would like to hear why you need this.
One option to solve it is creating two Keycloak instances: the first one is connected to Azure AD as you have already done, and the second one connects to the first Keycloak as an IDP.
Then, in the first Keycloak, configure a mapper that overrides the sub claim with some other value, like the email.
This is the only solution I can think of, but it is a lot of overhead for something like that, so do it only if you really, really need it.
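For the mapper step in the reply above, here is what the protocol mapper on the first Keycloak could look like. This is an added illustration, not configuration posted by the replier or shipped by Keycloak; it assumes a Keycloak "User Property" protocol mapper (`oidc-usermodel-property-mapper`) attached to the client that the second Keycloak uses to broker into the first one, and it assumes that your Keycloak version lets a protocol mapper override the built-in `sub` claim, which you should confirm by decoding the ID token the second Keycloak receives. The mapper name `sub-from-email` is made up.

```json
{
  "name": "sub-from-email",
  "protocol": "openid-connect",
  "protocolMapper": "oidc-usermodel-property-mapper",
  "consentRequired": false,
  "config": {
    "user.attribute": "email",
    "claim.name": "sub",
    "jsonType.label": "String",
    "id.token.claim": "true",
    "access.token.claim": "true",
    "userinfo.token.claim": "true"
  }
}
```

Once the second Keycloak brokers a login through this client, the IDP link it creates will carry the email in the provider ID field, because it takes that value from `sub`. Two things to check before relying on it: decode an issued ID token and confirm `sub` really is the email rather than the original UUID, and be aware that email is a mutable, reassignable identifier, so if a user's email changes in Azure AD the existing link will stop matching, and if an address is ever reassigned to a different person that person will be linked to the old account.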