Dynamically assign CUSTOMPROPERTY value based on Roles

Regular Contributor II
Regular Contributor II

We have a use case:

Write a CUSTOMPROPERTY value in Keycloak account based on the role membership of the identity, e.g. Because user x is member of role y, the customproperty6 in Active Directory gets value z.

What would be the best way to configure this?

Kind regards,



considering both are different apps/ connector. You can create request rule to create update account tasks for ad or actionable report.

you can show value on request form or you can store mapping value on role customproperty

Sorry, there is a mistake in the use case. It would be in Active Directory, so if a user gets role x, the account in Active Directory should get value y in CUSTOMPROPERTY 6.

But how can we do this only when user gets role x? I don't see an option to get roles of a user in the rules.

Does Role is single select ?

You can show role Customproperty as dynamic attribute and use in connector.

In AD which property are you trying to update & when create& update?