[keycloak-user] Mapping provider user ID to user attribute

Ruh, Garret garret.ruh at optum.com
Tue Oct 17 11:57:55 EDT 2017


Context: Using Keycloak as an OpenID Connect identity broker, and onboarding an IDP.

Is it possible to map a provider user ID (from an OpenID Connect identity provider – so the value in the sub claim) to a user attribute? Have attempted using an "Attribute Importer" mapper w/ claim "sub" to no avail. End goal is to include that attribute (if it exists) in generated access tokens so that applications can still reference the provider user ID during a transitional period.

Seems like it’d be a pretty common use case, so apologies if this has been asked and answered before. Could be missing the applicable search term(s).


Regards,
Garret Ruh
