How can I restrict client access to only one group of users in keycloak?

Question

I have a client in keycloak for my awx(ansible tower) webpage.

I need only the users from one specific keycloak group to be able to log in through this client.

How can I forbid all other users(except from one particular group) from using this keycloak client?

Answer 1

I solved it like this:

1. Create a new role in Keycloak.
2. Assign this role to the group.
3. Create a new authentication script in Kycloak. Configure which role is allowed upon login (e.g. user.hasRole(realm.getRole("yourRoleName"))).
4. In the client's settings, under "Authentication Flow Overrides", choose the authentication script that was just created.