[ovirt-users] Slightly confused by KeyCloak

Hi there, We've decided to use oVirt for our school datacenter and I'm setting up a PoC to show it could work for our needs. So far, I've managed to deploy a single hosted engine to iSCSI by using the hosted-engine deploy script. So far, so good, I can create VMs, I've had a few problems, but nothing I couldn't figure out. What got me confused is the KeyCloak link with oVirt. My goal is to allow students to register to oVirt so that they can spin up VMs, images, and so on. I've created a group in KeyCloak named "ovirt-student" that is automatically assigned to new users. I have also linked oVirt to this group by going into the engine web UI and adding the group to oVirt's group list. I have given system permissions to the ovirt-student group such as VMCreator. I've then tried to connect to a dummy user called "test". My results are as follows : - The user does not seem to have the correct rights as it cannot create new VMs in the VM portal; - The admin interface does not suggest the user is a part of the ovirt-student group; However, when I add the test user to the ovirt-administrator group, no problem at all, the user is an admin, alright. My question is as follows : what do I need to do so that the groups in KeyCloak and oVirt are synced ? Thanks a lot, TP