How to retrieve extra user attributes from Azure AD using Keycloak?

I would like to ask for help with retrieving extra user attributes from Azure AD using Keycloak.

I have successfully used identity brokering with OpenID Connect V1 to import users from Azure AD into my Keycloak realm. However, I also need to retrieve additional user attributes such as address, phone number, and avatar for my end application that uses Keycloak for authentication.

I am considering two possible solutions, and I am seeking advice on which one would be better:

  1. Using Keycloak mappers to map attributes from the Azure AD access token
  2. Using identity brokering only to transmit the necessary data and for user authorization, and fetching all extra attributes with an independent query using MS Graph.

I would appreciate any guidance or suggestions on the best approach to retrieve these extra attributes. Thank you in advance for your help.

The easiest way would be to add the desired information to the token issued by Azure and map it to Keycloak in the IdP mappers.
You'll have to ask your Azure AD administrator to do this for your app registration in Azure. I can't tell you anything about proper(!) token configuration in AAD.

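The Keycloak side of the approach in the reply above, as an added example that is not part of the original thread and not Keycloak's or Microsoft's own code: it builds "Attribute Importer" IdP mappers (type `oidc-user-attribute-idp-mapper`) for the Azure AD broker, can push them through the Admin REST API, and previews which user attributes a given token payload would produce. The IdP alias `azuread`, the realm name, the admin token and the sample token payload are assumptions made for illustration; `ctry` is a real Azure AD optional claim, while `phone_number`, the nested `address` object and `picture` are hypothetical and only exist if the AAD administrator configures the app registration to emit them.

```python
"""Build Keycloak IdP claim->attribute mappers for an Azure AD broker and
preview what they would set on the user. Added example, not project code.
Assumed names: IdP alias "azuread", realm "myrealm", the admin token, and
every claim in SAMPLE_CLAIMS (Azure AD must actually be configured to emit
them; the reply above leaves that to the AAD administrator)."""
import json
import urllib.request

# Keycloak's "Attribute Importer" mapper for OIDC identity providers.
MAPPER_TYPE = "oidc-user-attribute-idp-mapper"


def build_mapper(idp_alias, claim, user_attribute, sync_mode="FORCE"):
    """IdentityProviderMapperRepresentation for one claim -> attribute mapping.

    syncMode FORCE re-imports the value on every login; the default (INHERIT,
    which usually resolves to IMPORT) copies it only when the user is created,
    so later changes in Azure AD would never reach Keycloak.
    """
    return {
        "name": f"{claim}-to-{user_attribute}",
        "identityProviderAlias": idp_alias,
        "identityProviderMapper": MAPPER_TYPE,
        "config": {
            "claim": claim,
            "user.attribute": user_attribute,
            "syncMode": sync_mode,
        },
    }


def lookup_claim(claims, path):
    """Resolve a claim the way Keycloak's claim mappers do: a dotted name such as
    'address.locality' walks into nested JSON objects; a missing claim yields None."""
    node = claims
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def apply_mappers(claims, mappers):
    """Preview the user attributes the mappers would set for a decoded token payload."""
    attrs = {}
    for m in mappers:
        value = lookup_claim(claims, m["config"]["claim"])
        if value is not None:
            attrs[m["config"]["user.attribute"]] = value
    return attrs


def create_mappers(base_url, realm, admin_token, mappers):
    """POST each mapper to the Admin REST API; needs a reachable Keycloak and a
    token from a realm admin (hypothetical values when called from __main__)."""
    statuses = []
    for m in mappers:
        url = (f"{base_url}/admin/realms/{realm}/identity-provider/instances/"
               f"{m['identityProviderAlias']}/mappers")
        req = urllib.request.Request(
            url, data=json.dumps(m).encode(), method="POST",
            headers={"Authorization": f"Bearer {admin_token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            statuses.append(resp.status)
    return statuses


# Constructed sample: a decoded ID-token payload as Azure AD might emit it once
# the app registration has been configured. Only 'ctry' is a real AAD optional
# claim; 'phone_number' and the nested 'address' object are hypothetical.
SAMPLE_CLAIMS = {
    "oid": "00000000-0000-0000-0000-000000000000",
    "preferred_username": "jane@example.com",
    "ctry": "DE",
    "phone_number": "+49 30 000000",
    "address": {"locality": "Berlin", "postal_code": "10115"},
}

MAPPERS = [
    build_mapper("azuread", "ctry", "country"),
    build_mapper("azuread", "phone_number", "phone"),
    build_mapper("azuread", "address.locality", "city"),
    # Azure AD does not put a photo into the token, so this mapper finds nothing;
    # the avatar has to come from MS Graph (option 2 in the question).
    build_mapper("azuread", "picture", "avatar"),
]

if __name__ == "__main__":
    print(json.dumps(apply_mappers(SAMPLE_CLAIMS, MAPPERS), indent=2))
    # Real deployment (hypothetical host/token):
    # create_mappers("https://keycloak.example.com", "myrealm", "<admin-token>", MAPPERS)
```

Two caveats worth checking before relying on this: the broker looks for the claim in the validated ID token first and only then in the brokered access token and userinfo response, so ask the AAD admin to put the claims into the ID token rather than the access token; and anything that is not a token claim at all (the user's photo in particular) still needs a separate Graph call, which is exactly the split between the two options in the question.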