Hi Graham, Have you checked using custom mappers (https://www.keycloak.org/docs/latest/server_admin/index.html#_mappers). I am not 100% sure but I if I recall correctly, they retrieve and map the external information every time a user logs in... Best regards, Sebastian Mit freundlichen Grüßen / Best regards Dr.-Ing. Sebastian Schuster Open Source Services (INST-CSS/BSV-OS) Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster(a)bosch-si.com Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn -----Original Message----- From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; On Behalf Of Graham Burgess Sent: Samstag, 22. September 2018 22:58 To: keycloak-user(a)lists.jboss.org Subject: [keycloak-user] Sync of OpenID Connect Profile So I am attempting to use Keycloak to use an external IDP transparently. I have managed to get it to go through the first broker login flow but it has me wondering, does it keep the Keycloak profile in sync with the external? I suspect not, and if that is the case, I was wondering if any one had any suggestions on how to implement that sort of functionality? Best regards, Graham Burgess RΛZΞR|stormmore Sr. DevOps Engineer (USA) Email: graham.burgess(a)razer.com [http://assets.razerzone.com/email/email-sig.jpg] Razer.com<https://www.razer.com/> | Razer Game Store<https://gamestore.razer.com/> | Razer Insider<https://insider.razer.com/> | Razer zVault<https://zvault.razer.com/> [https://upload.wikimedia.org/wikipedia/commons/thumb/c/c2/F_icon.svg/200p... [Twitter_Social_Icon_Rounded_Square_Color] <https://twitter.com/Razer> [glyph-logo_May2016] <https://www.instagram.com/razer/> [youtube_social_squircle_red] <https://www.youtube.com/Razer?sub_confirmation=1> Razer Inc. (San Francisco) 201 3rd Street, Suite 900 San Francisco CA 94103, USA Tel: +1 (415) 266 5300 Razer Inc. Stock Code: 1337.HK IMPORTANT NOTICE: This e-mail may be confidential, legally privileged or otherwise protected from disclosure. If you are not an intended recipient, do not copy, distribute or use its contents. Do inform the sender that you have received the message in error and delete it from your system. E-mails are not secure and may suffer errors, computer viruses, delay, interception and amendment. Razer accepts neither risk nor liability for any damage or loss caused by this e-mail. To the extent permitted by applicable law, Razer reserves the right to retain, monitor and intercept e-mails to and from its systems.

Thank Tim, That definitely looks like I am looking for. I just want 1-way sync from the external IDP as I am trying to make Keycloak as invisible as possible. Best regards, Graham Burgess RΛZΞR|stormmore Sr. DevOps Engineer (USA) Email: graham.burgess(a)razer.com DID: (415) 374 0639 Razer Inc. Stock Code: 1337.HK IMPORTANT NOTICE: This e-mail may be confidential, legally privileged or otherwise protected from disclosure. If you are not an intended recipient, do not copy, distribute or use its contents. Do inform the sender that you have received the message in error and delete it from your system. E-mails are not secure and may suffer errors, computer viruses, delay, interception and amendment. Razer accepts neither risk nor liability for any damage or loss caused by this e-mail. To the extent permitted by applicable law, Razer reserves the right to retain, monitor and intercept e-mails to and from its systems. -----Original Message----- From: Tim Hedlund <tim.hedlund(a)outlook.com&gt; Sent: Monday, September 24, 2018 6:14 AM To: Graham Burgess <graham.burgess(a)razer.com>; keycloak-user(a)lists.jboss.org Subject: RE: Sync of OpenID Connect Profile Hi Graham, I think https://issues.jboss.org/browse/KEYCLOAK-3355 is what you are looking for. I don't know the status of this jira but as this is not a trivial fix I guess more people need to request it. I'm also interested in any other ways of achieving this sync, although I only need it one-way. Regards Tim -----Original Message----- From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org&gt; On Behalf Of Graham Burgess Sent: den 22 september 2018 22:58 To: keycloak-user(a)lists.jboss.org Subject: [keycloak-user] Sync of OpenID Connect Profile So I am attempting to use Keycloak to use an external IDP transparently. I have managed to get it to go through the first broker login flow but it has me wondering, does it keep the Keycloak profile in sync with the external? I suspect not, and if that is the case, I was wondering if any one had any suggestions on how to implement that sort of functionality? Best regards, Graham Burgess RΛZΞR|stormmore Sr. DevOps Engineer (USA) Email: graham.burgess(a)razer.com [http://assets.razerzone.com/email/email-sig.jpg] Razer.com<https://www.razer.com/> | Razer Game Store<https://gamestore.razer.com/> | Razer Insider<https://insider.razer.com/> | Razer zVault<https://zvault.razer.com/> [https://upload.wikimedia.org/wikipedia/commons/thumb/c/c2/F_icon.svg/200p... [Twitter_Social_Icon_Rounded_Square_Color] <https://twitter.com/Razer> [glyph-logo_May2016] <https://www.instagram.com/razer/> [youtube_social_squircle_red] <https://www.youtube.com/Razer?sub_confirmation=1> Razer Inc. (San Francisco) 201 3rd Street, Suite 900 San Francisco CA 94103, USA Tel: +1 (415) 266 5300 Razer Inc. Stock Code: 1337.HK IMPORTANT NOTICE: This e-mail may be confidential, legally privileged or otherwise protected from disclosure. If you are not an intended recipient, do not copy, distribute or use its contents. Do inform the sender that you have received the message in error and delete it from your system. E-mails are not secure and may suffer errors, computer viruses, delay, interception and amendment. Razer accepts neither risk nor liability for any damage or loss caused by this e-mail. To the extent permitted by applicable law, Razer reserves the right to retain, monitor and intercept e-mails to and from its systems.