Context:
I have an application that utilizes Keycloak (version 22.0.5) for Authentication and Authorization. The Keycloak server is connected to my customer’s Active Directory (AD) using LDAP. The customer’s AD has a flat structure, with all 14,000 users residing in the same Organizational Unit (OU). However, only a subset of these users will be using my application.
The Challenge:
The customer does not want the Keycloak and my application’s databases to be aware of all 14,000 users. They only want the users who will be using the application to be present in the databases. The customer does not want to add a flag to the users or put them in a specific group in the AD, as they do not want to change anything in the AD.
The Desired Solution:
I need a way to search and import users from the AD one by one, and prevent Keycloak from automatically syncing all the users from the AD to the Keycloak database.
I would appreciate any guidance or suggestions from the Keycloak community on how to address this challenge…