Hello Keycloak users.
Did anybody try to do something with the amr claim sent by an IdP to Keycloak on
identity brokering?
We did a POC using Azure AD as an IdP with Keycloak. Azure AD is configured to force users
to do multi-factor authentication (MFA).
When I log in to my application secured by Keycloak using my Azure AD identity, the access
token received by Keycloak from Azure AD contains the following amr claim:
"amr": [
"pwd",
"mfa"
],
This claim tells that I was authenticated using a password and MFA.
When I look at the access token Keycloak gave me, there is no such amr claim.
Is there a way other than creating an SPI to propagate this claim from the Azure AD access
token to the Keycloak access token?
What we want to do is to ask a user that was not authenticated by an external multi-factor
authentication to use the Keycloak OTP when accessing sensitive applications.
Thank you.