Update Account Information issue - Identity Provider

I have configured Azure AD as an Identity Provider to log in to my application (an Angular front end which then calls a bearer-only app - both are set up in Keycloak).
The problem is when a first-time user logs in using AD credentials and Keycloak gets the user profile information from AD and updates it locally.
While updating user information locally, it shows the Update Account Information page:

  1. What is the random string? How should I solve this problem?
  2. Why is Keycloak not properly fetching the user profile information from Azure AD? Is it something to do with the mapping of attributes? If yes, where do I do it? Or can something be done on the Azure AD side?
  3. Can we add or remove fields from this form and get custom information available from Azure AD?

I am stuck here. No idea where to look. Every time a new user logs in using AAD, he/she needs to deal with this page.

I know that here Keycloak is using the first broker login flow and the update info page can be avoided, but we need this info. And what if we avoid this page?
How does the user get into Keycloak’s local database? Is there any alternative?

Hi there! Did you make it? I’m trying to implement it with SAML but with no success…