Configuring user and administrator groups

Last Updated: Jun 08, 2026

About this task

You must create the following two groups, whose IDs you will use to configure attribute mapping between Keycloak and Azure AD:

  • User group.

  • Administrator group, which is used for administration purposes.

Every Azure AD user who requires SSO capabilities must belong to either of these groups.

Procedure

Repeat the following steps for each group:

  1. Log in to the Microsoft Azure portal as a Global Administrator.
  2. Navigate to Azure Active Directory > Groups.
  3. Click New group.
  4. In Group type, select Security.
  5. In Group name, type a name of your choice for the group.

    For example, USER for the user group and ADMIN for the administrator group.

  6. In Group description, provide a description for the group.
  7. In Owners, click No owners selected, select an appropriate owner for the group and then click Select.
  8. In Members, click No members selected, select users that you want to add to the group and then click Select.
  9. Click Create.
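
The same procedure can be scripted so that both groups are created consistently and their object IDs are printed for the Keycloak attribute mapping. The following is an added example, not part of the original procedure; it assumes the Microsoft Graph PowerShell module is installed, and the user principal names and descriptions are constructed placeholders.

```powershell
# Added example: create the USER and ADMIN security groups and print their IDs.
# Assumption: the UPNs below are constructed placeholders; replace them.
$ownerUpn = 'owner@example.onmicrosoft.com'
$groups = @(
    @{ Name = 'USER';  Description = 'SSO users';          Members = @('alice@example.onmicrosoft.com') },
    @{ Name = 'ADMIN'; Description = 'SSO administrators'; Members = @('bob@example.onmicrosoft.com') }
)

Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'
$owner = Get-MgUser -UserId $ownerUpn

foreach ($g in $groups) {
    # Display names are not unique in Azure AD, so reuse an existing group
    # rather than creating a second one with a different object ID.
    $existing = @(Get-MgGroup -Filter "displayName eq '$($g.Name)'")
    if ($existing.Count -gt 1) { throw "More than one group named $($g.Name) exists." }
    if ($existing.Count -eq 1) {
        $group = $existing[0]
    } else {
        $group = New-MgGroup -DisplayName $g.Name -Description $g.Description `
            -MailNickname $g.Name -MailEnabled:$false -SecurityEnabled
    }

    # Set the owner only if it is not already listed.
    $owners = @(Get-MgGroupOwner -GroupId $group.Id -All | ForEach-Object Id)
    if ($owners -notcontains $owner.Id) {
        New-MgGroupOwnerByRef -GroupId $group.Id -BodyParameter @{
            '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($owner.Id)"
        }
    }

    # Add each listed member that is not already in the group.
    $current = @(Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object Id)
    foreach ($upn in $g.Members) {
        $user = Get-MgUser -UserId $upn
        if ($current -notcontains $user.Id) {
            New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
        }
    }

    # The object ID is the value needed for the Keycloak attribute mapping.
    [pscustomobject]@{ Group = $group.DisplayName; ObjectId = $group.Id }
}
```

Because the script reuses a group that already has the requested name, running it again does not produce duplicate groups with different IDs.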