Hello all, We're thinking of implementing something best described as client user federation management. Our Keycloak instance is used by customers (registered + federated) as well as employees (federated). As such we got a requirement from our security guys to restrict access to certain clients to particular user federation types (user type) on Keycloak. For example, we don't want the registered users to be able to access our internal systems (clients), these should be accessible only to employees - this could be easily done on client side, however the requirement is to have it "server" side. If possible, we'd like to have it accepted to main branch eventually (we count on sending a pull request), as such what is the preferred way implementing this? P. Stefka