Help with external auth (Azure AD via OIDC) and limited password access

Hello, we are using keycloak and have the following requirements. For nearly all of our users, we want external authentication to be used via OIDC and Azure AD. We have this working and we’re very happy. However, for 1-2 users, our realm must still support “local password” authentication for admin purposes.

We cannot seem to achieve this and need some help. What we want to do is enable ROPC grant (and I do understand this is not recommended) for users that basically do nothing more than login via username/password for purposes of accessing our graphql API of our application. So very limited, backend operations that handle provisioning activity.

Any help is much appreciated.