As an application developer I want to take advantage of the token based
authentication. I do not want to deal with LDAP really. I want to use an
IdP service and will use SAML and OIDC when user authenticates.
Everything I need to know about user I will pull from the token or
assertion. That allows me to handle cases when user logs in. On the
first hit I can create a cache entry and my database for that user so
that he can be looked up and his permissions can be checked. However I
need to be able to handle following scenario:

When administrator wants to define privileges for a user or a group
that has not logged in I can't select a user or group since they are not
in my DB, I have to type him in. This is inconvenient. Is there any
interface that Keycloak provides where I can lookup a user or a group?