I have a Keycloak and an AzureAD instance that are connected, but I only want people in AzureAD with the group "App-User" to be able to use my app. How does this work?

Thanks in advance!

Magnusev

1 Answer

Is App-User a group made in Keycloak? If you want to connect to a particular user group in LDAP, then below is the configuration.

You need to add this to Users DN in the Keycloak admin UI.

OU=App-User  

Check out this link for more AD information

Harish Gupta
  • No, the "App-User" comes from AD, and if the user does not have this group we will not let the user register in Keycloak / access the app – Magnusev Dec 12 '19 at 11:22
  • OK, I have answered it accordingly. Can you tell me what you have input in Users DN in Keycloak? – Harish Gupta Dec 12 '19 at 11:27
  • Ah, I use Identity provider, not user federation! Is user federation more suited for this work? – Magnusev Dec 12 '19 at 11:47
  • Identity provider is something for when a user wants to log in via social accounts or something, e.g. Stack Overflow provides us different identity providers like Google, Facebook etc. https://www.keycloak.org/docs/latest/server_admin/#_ldap – Harish Gupta Dec 12 '19 at 12:16