On 23 Jun 2019, at 21:37, Remko Lodder <remko(a)FreeBSD.org&gt; wrote: Signed PGP part Hi, I am new to Keycloak and first of all I would like to thank you and all contributors for all your hard work. I have little experience with Keycloak and it’s usage so please put me on the correct track in case I am off :-) So: For a customer and my own environment I am implementing Keycloak. I am consolidating our users in one Realm and have added a multitude of clients (both saml as oidc). I would like to be able to place selectors on users when importing them or setting it manually, that someone has access to for example gitlab. I found that Okta has probably want I am looking for described here: https://help.okta.com/en/prod/Content/Topics/Directory/group-assign-app.htm <https://help.okta.com/en/prod/Content/Topics/Directory/group-assign-app.h... Now, is there something like that also in Keycloak? I would like users to be part of a group, or role, or whatever and that way control who has access where, without needing to fiddle with the application on the back (I can do that for targetting specific roles, like admin, manager, read-write, read-only, etc). I was not able to find something similar .. so probably I overlooked it or didn’t understand the documentation :-) Any pointers/suggestions/this is not an option right now? Thanks & Again, thank you all, Remko