How to relate Keycloak entities (i.e. Users, Groups, Roles) with our legacy application


We are switch from our own homegrown auth solution and we would like to keep the primary keys when we migrate to Keycloak, since we can’t set our own primary keys in Keycloak when we importing users,roles and groups. I have considered using User Storage SPI (User Federation) but it seems like an overkill and not sure if it can be used for Roles and Groups as well. We have a SAAS multitenant application, and we are mapping our tenants as Keycloak groups, we are using only one realm for our application. Our tenants have existing primary keys, and we want to find a way to map it to Keycloak Groups with their primary key, same for our roles and users.

Any suggestions welcomed