Hi, there ,

Let me try to describe the case first. 

We are using SAML 2.0 ID broker to authenticate the users.   

From the returned assertions, we can only get the user's ID number.  

So far as we know ,there will be thousands of users . In ID provider system,

there is no role concept ,so not possible to return us the Role claim. 

Now we want to assign roles to those users in keycloak .  We made a rule .

For example, if the ID number is less than 100, we assign Role A to this user.

If ID number is between 101 and 1000, we assign Role B to it , and so on. 

Of course We can do this manually one by one in admin console. but for thousands of 

users, it doesn't make much sense.  

We notice there is a Mapper button when configuring the ID provider, is there any way

to achieve our goal with that mechanism?  

Thanks a lot.

Mai