Map Active Directory users and groups to roles

Viewed 89

I have configured OAuth2 and Keycloak analog for authorization using Microsoft Active Directory. It works. The user role is assigned to all users during authorization by default. I want to configure role mapping for users based on which domain group they are in. For example, so that some users get the user role and others get the moderator or admin role. Could you please advise me where I should start?

2 Answers

The problem was solved using a third-party method. It uses a small sidecar container and a simple script. It checks registered users and changes their role in the database via SQL query if the user group matches the one specified in the script.

At present, you can change user roles in the admin page. But there's no way to automatically configure roles based on a user's email domain.