Hi,

I have added Keycloak as an external authentication provider with OIDC.
The Keycloak instance delegates the authentication to a federation server (LDAP) and only allows users belonging to specific LDAP groups.

These LDAP groups are mapped to Keycloak roles. When a user is authenticated, the access token contains the roles the user is assigned to and this could be potentially used by Corteza in order to get permissions (User, Admin, Viewer, etc…).
Can you please let me know if, currently, Corteza is using any of these roles to map them to application roles/permissions? and is there any way to do so today?

Thanks!
Stephane.