I have configured Azure as my identity provider and I am assigning roles to my users in
Keycloak based on claims I get from Azure.
Once I have defined one or more Role Mappers and sign in with my Keycloak user for the
first time, the mapping is done and working as expected. However,
once I create additional mappings, the roles of the user are no longer updated. The only
way to get an updated mapping is to delete my Keycloak user and sign in again.
I tried to look it up in the documentation:
Mapping Claims and Assertions
https://www.keycloak.org/docs/3.2/server_admin/topics/identity-broker/map...
..
"Each new user that logs into your realm via an external identity provider will have
an entry for it created in the local Keycloak database. The act of importing metadata from
the SAML or OIDC assertions and claims will create this data with the local realm
database."
...
Does this mean that I cannot expect new claim mappings to apply to existing users? Is
there any way to do this?
(I did send this message in April but it never showed up in the mailing list.)
--
Thomas Isaksen