New user: claims and roles

Hello, I have what I think is a very basic and common question but I’m struggling to find an answer.

I’m doing some very basic testing with keycloak 15 and trying to understand how it is supposed to work.

I created a facebook app and configured it as an Identity provider and confirmed I could login to keycloak’s console via oauth.

I then created 2 groups and put different roles in each group. So far so good.

I then created 2 facebook accounts with different email addresses to try and test if keycloak would automatically put them in groups based on the email address being claimed.

My idea for a test was to tell keycloak to look at a new user, see what their email address is and through maybe a regex have keycloak automatically put them in a group based on the result of the regex.

This is proving to be so difficult I wonder if I’m even using the tool correctly, can someone tell me if I’m going about this in an entirely wrong way?