How to retrieve extra user attributes from Azure AD using Keycloak?

linus · March 13, 2023, 7:44am

I would like to ask for help with retrieving extra user attributes from Azure AD using Keycloak.

I have successfully used identity brokering with OpenID Connect V1 to import users from Azure AD into my Keycloak realm. However, I also need to retrieve additional user attributes such as address, phone number, and avatar for my end application that uses Keycloak for authentication.

I am considering two possible solutions, and I am seeking advice on which one would be better:

Using Keycloak mappers to map attributes from the Azure AD access token
Only use identity brokering to transmit the necessary data and for user authorization and fetching all extra attributes with an independent query using MS Graph.

I would appreciate any guidance or suggestions on the best approach to retrieve these extra attributes. Thank you in advance for your help.

dasniko · March 13, 2023, 7:57am

Easiest way would be to add the desired information to the token issued by Azure and map them to Keycloak in the IdP mappers.
You’ll have to ask your Azure AD administrator to do this for your app registration in Azure. I can’t tell you anything about proper(!) token configuration in AAD.

Topic		Replies	Views
Matching identities from Azure AD IdP and Keycloak	0	359	September 7, 2022
Attribute Importer Mapper Configuring the server oidc	1	1409	August 25, 2022
How does Keycloak get 'Identity Provider ID' or 'username' from Azure AD? Configuring the server	4	4124	January 12, 2024
Linking user from Azure AD to Keycloak account Getting advice user-federation , oidc	4	403	February 2, 2024
Client Credentials grant with Keycloak as an identity broker for Azure AD Getting advice authentication , identity-brokering , oidc	0	590	August 2, 2021

How to retrieve extra user attributes from Azure AD using Keycloak?

Related Topics