Service account users

Hello Community,

I’m using Keycloak with MS active directory groups and users. The group membership management is done via AD and all changes are synced back to the keycloak.

The issue that I’m facing is service account users can’t be linked back to the AD users account nor can’t be pushed from keycloak back to AD. As a result, the management of service accounts users need to be completed from the keycloak admin console which breaks the management flow.

The service account users are used by M2M clients with client_credentials grant type. The group membership information is populated into bearer token attributes.

Are you aware of any workaround that helps to mitigate this issue please ? Also is there any way of linking service account user back to AD user account ? I have tried using service account user attributes to map into AD user account but this didn’t work

I would be grateful for any info.