Keycloak 26 - Identity Provider - OpenID Connect v1.0 - Mappers

Hi,

I am currently using Keycloak version 26.5.6 and trying to configure a new Identity Provider using OpenID Connect v1.0 with Entra ID (Azure AD).

The issue I’m facing is related to roles. I have roles assigned to my user account in Entra ID, but when I log in through my application via Keycloak, these roles are not visible or accessible.

I’ve followed several guides and tutorials, but most of them are based on Keycloak 24.x. These tutorials suggest using a mapper type like “Claim to Role.” However, in Keycloak 26.x, I cannot find this option. The available mapper types I see are:

  • Attribute Importer
  • Hardcoded Attribute
  • Hardcoded Group
  • Hardcoded Role
  • Hardcoded User Session Attribute
  • Username Template Importer

Because of this difference, I’m unsure how to correctly map roles from Entra ID into Keycloak in the newer version.

Moreover, how would I fill the social profile JSON Field path and User Attribute Name?

Could anyone please guide me on how to achieve this in Keycloak 26.x?

Thanks in advance!

Are you sure you are using an OpenID Connect v1.0 provider? Or just the Microsoft social provider?

The Microsoft provider only has these mappers you are experiencing. If you use the generic OIDC provider, then you’ll have all of the available mappers.

The Microsoft provider is mainly for social purposes, like private MS accounts, not enterprise purposes, thus the limited functionality.

There is no difference between version 24 and 26.
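The following is an added example, not part of either post and not Keycloak project code: it builds the Admin REST bodies for "Claim to Role" mappers on a generic OIDC provider and models, with exact matching only, which realm roles a given token would yield. It assumes the Entra ID app registration emits app roles in the `roles` claim; the alias `entra-oidc`, the role values and the realm role names are hypothetical.

```python
import json

CLAIM_TO_ROLE = "oidc-role-idp-mapper"  # provider id of the "Claim to Role" mapper
SYNC_MODES = {"INHERIT", "IMPORT", "LEGACY", "FORCE"}

def claim_to_role_mappers(idp_alias, role_map, claim="roles", sync_mode="FORCE"):
    """Build one mapper representation per external role value.

    FORCE re-evaluates the mapper on every login, so a role removed in the
    upstream directory is also removed in Keycloak; IMPORT only applies the
    mapper when the brokered user is first created.
    """
    if sync_mode not in SYNC_MODES:
        raise ValueError(f"unknown sync mode: {sync_mode}")
    return [
        {
            "name": f"{claim_value} -> {kc_role}",
            "identityProviderAlias": idp_alias,
            "identityProviderMapper": CLAIM_TO_ROLE,
            # For a client role, "role" takes the form clientId.roleName.
            "config": {"syncMode": sync_mode, "claim": claim,
                       "claim.value": claim_value, "role": kc_role},
        }
        for claim_value, kc_role in sorted(role_map.items())
    ]

def roles_granted(claims, mappers):
    """Simplified model (exact match only) of the roles one token would yield."""
    granted = set()
    for mapper in mappers:
        cfg = mapper["config"]
        value = claims.get(cfg["claim"], [])
        values = value if isinstance(value, list) else [value]
        if cfg["claim.value"] in values:
            granted.add(cfg["role"])
    return sorted(granted)  # values with no mapper grant nothing

if __name__ == "__main__":
    # Constructed sample data: alias, role values and realm roles are hypothetical.
    mappers = claim_to_role_mappers(
        "entra-oidc", {"App.Admin": "app-admin", "App.Reader": "app-reader"})
    # Each object is a body for
    # POST /admin/realms/{realm}/identity-provider/instances/{alias}/mappers
    print(json.dumps(mappers, indent=2))
    print(roles_granted({"sub": "constructed", "roles": ["App.Reader", "Unmapped"]}, mappers))
```

Only listed claim values grant a role, so an unexpected value from the upstream directory results in no privilege rather than a default one.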