AW Roles to Groups

In this hands-on workshop, you'll learn how to connect your custom Adventure Works roles with organizational groups and configure role mappings that enable PDC to receive complete identity information through JWT tokens. We'll walk through the critical process of assigning realm roles to groups so that your custom roles are automatically included in authentication tokens sent to PDC for data governance decisions.

By the end of this workshop, you will be able to:

• Assign custom realm roles to organizational groups in Keycloak

• Configure role mappings that ensure JWT tokens include all necessary role information

• Establish the connection between organizational structure and custom compliance roles

• Enable automatic role inheritance when users join specific groups

• Ensure PDC receives complete identity context through properly configured JWT tokens

• Create scalable role assignment workflows that support enterprise user management

• Troubleshoot role mapping issues in identity federation scenarios

Workshop Role Assignments: You'll configure role mappings for the complete Adventure Works hierarchy:

• System_Administrators → aw-system-administrator role

• Sales_Analysts → aw-sales-analyst role

• HR_Specialists → aw-hr-specialist role

• Data_Stewards → aw-data-steward role

• Compliance_Officers → aw-compliance-officer role

This workshop completes the critical bridge between your organizational groups and custom roles, ensuring that when users authenticate, PDC receives the full context of WHO they are and WHAT roles they possess for data governance decision-making.