Configuring identical Roles for Multiple Groups in Keycloak

Last Updated : Jun 10, 2026 |

Procedure

  1. Log in to the Keycloak web administration interface.

    For more information, see Logging in to the Keycloak web administration portal.

  2. On the Keycloak web administration interface, navigate to Solution Realm > Identity providers.
  3. In the Identity Providers page, click the required provider.
  4. Click the Mappers tab.
  5. Click Add Mapper.

    Keycloak displays the Add Identity Provider Mapper page.

  6. In the Name field, provide a name for the mapper.

    For example: aads.user

    Sync mode override field has the value Inherit selected by default.

  7. From the Mapper Type drop-down menu, select Advanced Attribute to Role.
  8. Enter the Attributes Key as required by the customer.
  9. Use Regex expressions to combine multiple groups that assign the same role and add the Attributes Value.
  10. Turn the Regex Attribute Values button On.
  11. Click Select Role.

    Keycloak displays the Role Selector page.

  12. To filter options based on clients select Filter by clients from the filter drop-down list.
  13. From the list of clients select the required option. For example:aads.user.
  14. Click Assign.
  15. On the Add Identity Provider Mapper page, click Save.