Keycloak: duplicate roles in different realm to authenticate same application

Scenario: there are two types of keyclaok users one is front end human users and second is technical users(like API application users). at the moment all users under single realm and it working fine. But now we need to enable the 2FA(OTP) in realm level. here the issue is technical users(API users) doesn’t has valid email id, hence the application brake. so we decided to move all technical users to new second realm but the problem is from the second realm technical users is not able to map the roles from the first ream. In order to overcome this we decided to copy all the roles from first realm to second realm … but don’t seem to be able to authenticate the application … any solution to overcome this challenge please.