How can I restrict client access to only one group of users in keycloak?

I have a client in keycloak for my awx(ansible tower) webpage.

I need only the users from one specific keycloak group to be able to log in through this client.

How can I forbid all other users(except from one particular group) from using this keycloak client?

Solution

I solved it like this:

Create a new role in Keycloak.
Assign this role to the group.
Create a new authentication script in Kycloak. Configure which role is allowed upon login (e.g. user.hasRole(realm.getRole("yourRoleName"))).
In the client's settings, under "Authentication Flow Overrides", choose the authentication script that was just created.

Integration of SSO using MSAL in Angular project gets 401 returned error after login
Simple way to put AWS Lambda app behind SAML authentication
Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
Log out from SSO kerberos
Getting TypeError: client_secret_basic client authentication method requires a client_secret
SSO not working in iOS when using AWS Cognito and Azure AD
Logout from next-auth with keycloak provider not works
Azure b2c still authenticated after hitting logout
What's the relationship between Keycloak SSO Session Idle Time and Spring Session Timeout?
Execute a RESTAPI request from Powershell using the credentials of the user logged into the windows machine(AD Credential's)
Python SSO: pysaml2 and python3-saml
Keycloak adapter not able retrieve current username from windows AD logged-in user
keycloak - realm resolution based on username (email address)
Rolify and acts_as_tenant with Single Signon (with some Devise & Pundit on the side) - can it be done?
which Oauth flow is good for Token authentication with javascript SPA
Can I have secrets that don't expire in Microsoft SSO via Azure Microsoft Entra ID?
Java 17 Allow RC4 HMAC while keeping allow_weak_crypto as false in krb5.conf
Zabbix SAML Config using ActiveDirectory WIN 2016-ADFS
Do Personal Accounts Have a UPN
Buildfire: login api
Moodle intergration with ADFS--Plugin SAML2 Single sign on
Share authentication cookie between IdentityServer4 clients
Kerberos SSO Issue with AD change of upns in Spring Boot Application
Integrate SAML in Laravel using existing Idp and SP
How can i enable Token_IDs in the new Azure/Microsoft Entra interface
Okta SSO (Allowing other users from another organization to use SSO with the OpenID application i created on my Okta developer dashboard)
Keycloak: Unique SAML endpoint per SAML Client in the same Realm
Implement single signon (SSO) using SAML in java and AzureAD as IDP
AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
Why is a client secret required when setting up an Azure AD / Identity SSO in Asp.net (legacy .Net Framework), but it is not required in asp.net core?