In the above post we set up Jumpcloud SAML SSO auth to use Keycloak as the SP.
In addition, it is sometimes helpful to include your Jumpcloud groups in the SAML token. The following instructions should help enable this.
Now update your SAML app to include group information:

1. Go to your SSO App.
2. Click on the SSO tab and scroll to the bottom.
3. Tick the box for Group Attributes.
4. Give it a name like memberOf (can be any name, but you will need this for Keycloak).
5. Click save.

Configure Keycloak:

1. Open the Keycloak admin portal for your realm.
2. Click on Roles and create a new role, e.g. saml-group.
3. Click on Identity Providers and select the provider you created earlier (see above blog post).
4. Click on the Mappers tab.
5. Click Create.
6. Give it a name, e.g. saml-group.
7. Set Sync Mode Override to force (this updates the groups associated with this account on every login).
8. Create a new attribute using the Jumpcloud Group Attributes identifier, in this case memberOf, as the key and your Jumpcloud group name as the value.
9. Set Regex Attribute Values to On.
10. Under Role, choose the role you created.
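To check the mapping before relying on it, the following added example (not part of the original post) reads the memberOf values from a decoded SAML assertion and tests them against the mapper's attribute value. The assertion is a constructed sample, the group names are hypothetical, and full-match regex semantics are an assumption about how the mapper compares values.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the attribute section of a decoded SAML assertion.
# Use a hardened XML parser if you feed this real, untrusted input.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>devXops</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def group_values(assertion_xml, attr_name="memberOf"):
    """Return every value of the named attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values

def mapper_grants_role(assertion_xml, pattern, attr_name="memberOf"):
    """True if any group value matches the mapper's attribute value.

    Assumption: with Regex Attribute Values on, the pattern must match
    the whole group name (full match), not a substring.
    """
    rx = re.compile(pattern)
    return any(rx.fullmatch(g) for g in group_values(assertion_xml, attr_name))

if __name__ == "__main__":
    print(group_values(SAMPLE_ASSERTION))
    # A group name typed as-is is a regex: "." matches any character.
    print(mapper_grants_role(SAMPLE_ASSERTION, "dev.ops"))
    # Escaping the name restricts the match to the literal group.
    print(mapper_grants_role(SAMPLE_ASSERTION, re.escape("dev.ops")))
```

If a group name contains regex metacharacters, enter it escaped in the mapper (or turn Regex Attribute Values off) so the role is only granted for the exact group.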