Mr_Thorynque
Reputation: 2012
Configure Azure AD as Identity provider OIC in Keycloack and email attribute
I success configuring Azure AD as identity provider using OIC in Keycloack. But it ask email during the first connection with keycloak.
And I can't find how to create the mapper to populate email in keycloack with the one of Azure AD.
I figure that it's the userprincipalname that I get the email.
So I try that without success:
Upvotes: 1
Views: 3454
Answers (2)
Rufus
Reputation: 1
I had the same issue.
- You need to create a new "Flow" in Authentication tab and "Add Execution" then add the Flow : "Create User If Unique".
- In Identity Providers tab, you need to change the "First Login Flow" option, and pick the flow you've just created.
Upvotes: 0
juunas
Reputation: 58873
The UPN claim is upn. With v2 endpoint of AAD, you could also require the email scope and get the email in email claim. UPN and email can be different in some cases.
Upvotes: 1
Related Questions
- Client Credentials grant with Keycloak as an identity broker for Azure AD
- keycloak integration with Azure AD for webapp authentication
- Azure Ad as OIDC Identity provider in keycloak, but a random UUId is added as IDP "userid" and not able to sync with the already existing user
- How to map azure object_id in oidc identity provider in keycloak?
- How to Implement Azure AD B2C Identity Experience Framework Sign-In with Optional Email OTP
- SSO with Keycloak and Azure Active Directory
- How to synchronize Microsoft users from Azure into the Keycloak
- How keycloak sets up user information from an external identity provider
- How to configure Windows Azure as an Identity Provider with Oauth 2.0
- Add Windows Azure AD Tenant as an Identity Provider using OAuth 2 endpoint