Hi Bill, For the most part, I liked how PicketLink IDM relationships were structured. If I recall correctly, it was something like this: Users could be assigned to 0...n Groups Groups could have subgroups Roles could be assigned to 0...n Groups Roles could be assigned to 0..n Users So, we could manage security within a hierarchical group structure but also add additional roles on per-user basis when needed. If it could all also optionally be done with composite roles, all the better. Some relevant documentation: https://docs.jboss.org/picketlink/2/latest/reference/html-single/#chap-Id... https://docs.jboss.org/picketlink/2/latest/reference/html-single/#sect-Ma... https://docs.jboss.org/picketlink/2/latest/reference/html-single/#Realms_... John -----Original Message----- From: Bill Burke <bburke(a)redhat.com&gt; Subject: Re: [keycloak-user] Keycloak to set up Teams and Organizations To: keycloak-user(a)lists.jboss.org Message-ID: <561D2EBC.50509(a)redhat.com&gt; Content-Type: text/plain; charset=windows-1252; format=flowed You just want something like github groups? List your requirements. I am starting on Groups next week after 1.6 goes out.