Restrict client access to members of groups or roles

Dear Team,

First of all, I am totally new to Keycloak and IAM.

My scenario:

  1. For now, we have multiple realms for different applications.
  2. All these realms have an identity provider configured, which is another dedicated realm.
  3. Users are created in the identity provider realm and then they can access clients in other realms.
    I used this to configure it: "Two Keycloaks on local machine to test brokering - Miscellaneous - Keycloak"

Now I want to create a group in this dedicated realm for providing access and use that group to access clients in other realms.
So for example:
Realm atishay-test has a client (I am using the default account client realms/atishay-test/account/#/) and it should be denied for user atishay unless atishay is assigned a role or is in a group which then allows accessing the client.

So far I have tried creating the new authentication flow, following this: "security - Keycloak: Role based client log-in access restriction for users - Stack Overflow", but it does not work. I get invalid credentials on the page without it asking for credentials.

I also tried to enable authorization on the client, but that also does not work. I get the error

failed to initialize keycloak

and it is not solved by adding * to web origins. I had to turn off the confidential client to make it work again.

So I want to create users and groups in the dedicated realm (Identity-provider) and use them for access in the other realms.

Like I said, I am totally new to this; it would be great if someone could help me with this.

Thanks in advance