Service account users

Hello Community,

I’m using Keycloak with MS Active Directory groups and users. The group membership management is done via AD and all changes are synced back to Keycloak.

The issue that I’m facing is that service account users can’t be linked back to the AD user accounts, nor can they be pushed from Keycloak back to AD. As a result, the management of service account users needs to be completed from the Keycloak admin console, which breaks the management flow.

The service account users are used by M2M clients with client_credentials grant type. The group membership information is populated into bearer token attributes.

Are you aware of any workaround that helps to mitigate this issue, please? Also, is there any way of linking a service account user back to an AD user account? I have tried using service account user attributes to map into the AD user account, but this didn’t work.

I would be grateful for any info.

Regards,
George
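The post describes M2M clients obtaining tokens with the client_credentials grant and reading group membership from the token. The following added example (not part of the original post or of Keycloak itself) shows that flow with the standard library only: it builds the token request with the client secret sent as HTTP Basic credentials rather than in the URL, then inspects the returned token to see which claim the group mapper populated, so a mapping problem shows up as an empty list rather than a silent authorization failure. The realm name, client id, token URL, claim name `groups` and the group paths are constructed placeholders; the sample token is built inline and unsigned, so it can be parsed offline.

```python
"""Client-credentials token fetch and group-claim inspection for a Keycloak
service account. Added example with constructed values; adapt the realm,
client id, secret and claim name to your own setup."""
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(token_url: str, client_id: str, client_secret: str) -> urllib.request.Request:
    """Build the OAuth2 client_credentials request (RFC 6749 section 4.4).

    The client authenticates with HTTP Basic (client_secret_basic), which
    Keycloak's "Client Id and Secret" authenticator accepts. Keeping the secret
    in the Authorization header, not the query string, keeps it out of
    access logs on proxies and the IdP.
    """
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        token_url,
        data=body,
        headers={
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def fetch_access_token(token_url: str, client_id: str, client_secret: str, timeout: int = 10) -> str:
    """POST the request to the realm token endpoint and return the raw access
    token. This is the only network call; it is not exercised offline."""
    req = build_token_request(token_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature.

    That is acceptable for the client debugging a token it just received from
    the token endpoint over TLS. A resource server must instead verify the
    RS256 signature against the realm's JWKS before trusting any claim.
    """
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def is_service_account(claims: dict) -> bool:
    """Keycloak names a client's service account user 'service-account-<clientId>'."""
    return str(claims.get("preferred_username", "")).startswith("service-account-")


def groups_from_claims(claims: dict, claim_name: str = "groups") -> list:
    """Return the group paths the Group Membership mapper placed in the token.

    A mapper configured as multi-valued emits a list; a single-valued mapper
    emits a string. Both are normalised to a list, and a missing claim yields
    [] so a misconfigured mapper is visible instead of raising KeyError.
    """
    value = claims.get(claim_name)
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    return [str(v) for v in value]


# Constructed sample token: the shape Keycloak emits for a service account
# user after a Group Membership mapper, with a dummy signature segment.
SAMPLE_CLAIMS = {
    "iss": "https://idp.example/realms/example",
    "azp": "m2m-client",
    "preferred_username": "service-account-m2m-client",
    "groups": ["/m2m-clients/billing", "/m2m-clients/reporting"],
}
SAMPLE_TOKEN = ".".join([
    _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url_encode(json.dumps(SAMPLE_CLAIMS).encode()),
    _b64url_encode(b"not-a-real-signature"),
])


if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_TOKEN)
    print("service account:", is_service_account(claims))
    print("groups in token:", groups_from_claims(claims))
```

To check a live realm, call `fetch_access_token("https://<idp>/realms/<realm>/protocol/openid-connect/token", client_id, client_secret)` and pass the result through `jwt_claims` and `groups_from_claims`; an empty list with a group-bearing service account points at the mapper configuration (claim name, "Full group path", multi-valued) rather than at the grant itself.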