Transitioning a preexisting web stack in our corporate network from Identity Server to Keycloak has been my extremely rough intro to the world of auth. I would say I’m almost there, but have one issue holding me up. We have a few different data enclaves, including one that requires users to sign an NDA and be added to an AD group. I’ve been searching high and low to see if Keycloak has a simple flag to say “don’t let anyone in that isn’t a member of this AD group”. Does that exist or do I have to create groups in Keycloak itself and add users manually?