Re: [keycloak-user] Is keycloak the tool I'm looking for? selective AD user sync
On 08/08/18 12:58, jlord87(a)gmail.com wrote:
Too bad, I would have probably needed the opposite, some kind of
"user
propagation".Would it makes any sense to create a realm for each AD and
configure as Identity provider another "master" realm - acting as
centralized user repository - in wich I would create a client template
for every AD?
>> But what we love about Keycloak is its ultimate extensibility, soI
>> wouldn't rule out the possibility of implementing this with the
>> help of an extension.
Not sure I understand whole context.
Just a note, that if you have Keycloak realm configured with multiple
different MSAD servers as LDAP providers, you can then configure one of
the MSAD servers with the flag "Sync registrations" to ON. Then if you
create new user in Keycloak, it will be propagated to this MSAD, which
you configured with the "Sync registrations" flag ON.
Marek