Back in the console, select Clients under the Realm.
Select Create.
Define a Client ID , e.g kasm-12345. Select openid-connect for Client Protocol and enter the URL for
the Kasm deployment under Root URL (e.g https://kasm.example.com).
The previous configurations will instruct the identity provider to send a list of Security Group ID the user belongs to during
the OpenID auth workflow. We can configure Kasm Groups with the Security Group IDs from Azure AD so that users are automatically added/removed
based on their Azure AD group Membership.
On the groups screen, using the three dot menu select View on the group that was just created.
Scroll to the bottom of the screen and select Add SSO Mapping.
Select the OpenID IDP that was created above “OpenID - Continue with Keycloak” for the SSO Provider.
#. Then enter the Keycloak group name desired in the Group Attributes field, e.g /Kasm-Test.
Note the slash. This is needed when Full group path is set in the Keycloak Client Mapper which is the default.