I would like to ask for help with retrieving extra user attributes from Azure AD using Keycloak.
I have successfully used identity brokering with OpenID Connect V1 to import users from Azure AD into my Keycloak realm. However, I also need to retrieve additional user attributes such as address, phone number, and avatar for my end application that uses Keycloak for authentication.
I am considering two possible solutions, and I am seeking advice on which one would be better:
- Using Keycloak mappers to map attributes from the Azure AD access token
- Using identity brokering only to transmit the necessary data and for user authorization, and fetching all extra attributes with an independent query using MS Graph
I would appreciate any guidance or suggestions on the best approach to retrieve these extra attributes. Thank you in advance for your help.