Version/Environment (if relevant):
All Domino deployments that use Role Synchronization with Keycloak, as described here.
Sometimes Domino administrators may want to switch some Domino users to a different user type. For example, switching a Practitioner to a Lite User (see docs here). To do this admins will need to set the new role within the domino-system-roles attribute as described here. Please note that once the new role is set, users are required to login to their Domino deployment for their user type to transition. At this time there is no workaround for this step.
New roles are only set when users are authenticated with the corporate SSO, which requires the users to manually login.
We do have an open feature request to make it easier for administrators to transition user roles. If you have feedback or have a good use case for this feature, please reach out to your account team and let us know!