diff --git a/configurator/src/Configurator/Vendor/Keycloak/KeycloakConfigurator.php b/configurator/src/Configurator/Vendor/Keycloak/KeycloakConfigurator.php
index f56c40120..578f0f0dc 100644
--- a/configurator/src/Configurator/Vendor/Keycloak/KeycloakConfigurator.php
+++ b/configurator/src/Configurator/Vendor/Keycloak/KeycloakConfigurator.php
@@ -20,6 +20,10 @@ public function configure(OutputInterface $output): void
 {
 $this->configureRealm();
 
+ foreach ($this->symfonyApplications as $app) {
+ $this->keycloakManager->createRole($app.'-admin', sprintf('Admin access for %s', ucwords($app)));
+ }
+
 foreach ([
 KeycloakInterface::ROLE_ADMIN => 'Can do anything',
 KeycloakInterface::ROLE_TECH => 'Access to Dev/Ops Operations',
diff --git a/lib/php/auth-bundle/Resources/config/services.yaml b/lib/php/auth-bundle/Resources/config/services.yaml
index 461fe3fb9..c3615a60b 100644
--- a/lib/php/auth-bundle/Resources/config/services.yaml
+++ b/lib/php/auth-bundle/Resources/config/services.yaml
@@ -24,7 +24,8 @@ services:
 Alchemy\AuthBundle\Security\JwtValidator: ~
 Alchemy\AuthBundle\Security\JwtValidatorInterface: '@Alchemy\AuthBundle\Security\JwtValidator'
 Alchemy\AuthBundle\Security\OAuthAuthorizationAuthenticator: ~
- Alchemy\AuthBundle\Security\RoleMapper: ~
+ Alchemy\AuthBundle\Security\RoleMapper:
+ $appName: '%alchemy_core.app_name%'
 Alchemy\AuthBundle\Controller\OAuthProxyController:
 public: true
diff --git a/lib/php/auth-bundle/Security/RoleMapper.php b/lib/php/auth-bundle/Security/RoleMapper.php
index a2a6cb5b7..49ce74a4c 100644
--- a/lib/php/auth-bundle/Security/RoleMapper.php
+++ b/lib/php/auth-bundle/Security/RoleMapper.php
@@ -7,17 +7,22 @@ final readonly class RoleMapper
 {
 public function __construct(
+ private string $appName,
 private array $mapping = [
 'admin' => 'ROLE_ADMIN',
- ]
+ ],
 ) {
 }
 public function getRoles(array $idpRoles): array
 {
- return array_filter(array_map(function (string $role): ?string {
+ return array_values(array_unique(array_filter(array_map(function (string $role): ?string {
+ if ($role === sprintf('%s-admin', $this->appName)) {
+ return 'ROLE_ADMIN';
+ }
+
 return $this->mapping[$role] ?? null;
- }, $idpRoles));
+ }, $idpRoles))));
 }
 }
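Review bot: The `-admin` suffix on the createRole line is a bare string literal that RoleMapper has to reproduce character for character (`sprintf('%s-admin', $this->appName)` in the same commit), so the two sides can silently drift and the realm would then hold an admin role that nothing maps; I would hoist it to one shared constant, e.g. `public const APP_ADMIN_ROLE_SUFFIX = '-admin';` on KeycloakInterface, and build the name here as `$app.KeycloakInterface::APP_ADMIN_ROLE_SUFFIX`. Whether createRole tolerates a role that already exists is not visible here; if the configurator is re-run against an existing realm this loop presumably has to be idempotent, which is worth confirming against the manager. A one-line comment above the loop, `// one "<app>-admin" realm role per Symfony app; RoleMapper promotes it to ROLE_ADMIN for that app only`, would record the contract the two files now share. configure() begins and ends outside the hunk.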
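Review bot: The new `$appName` argument is what decides which IdP role RoleMapper promotes to ROLE_ADMIN, but nothing in the service definition says so; I would add `# "<app_name>-admin" is the IdP role RoleMapper promotes to ROLE_ADMIN for this app` above the argument line. The value also has to match exactly, case-sensitively, the application name the configurator uses when it creates the `<app>-admin` realm role, otherwise the role exists in Keycloak but never maps — that coupling is inferred from the other two files in this diff rather than visible here, and deserves a sentence in the same comment.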
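Review bot: An empty `$appName` turns the added comparison into `$role === '-admin'`, so an IdP role literally named `-admin` would be promoted to ROLE_ADMIN; the constructor body (`) { }` in this hunk) is the place to refuse that, e.g. `if ($this->appName === '') { throw new \InvalidArgumentException('appName must not be empty'); }`. The sprintf is also re-evaluated for every element of $idpRoles, and because the app-admin rule runs ahead of the `$mapping` lookup a caller that injects a custom mapping can neither override nor disable it; computing `$appAdminRole = sprintf('%s-admin', $this->appName);` once before the closure makes both of those points visible at a glance. Note that the pre-existing `'admin' => 'ROLE_ADMIN'` entry still grants admin in every application, so a realm-wide `admin` role is not narrowed by this change — presumably intended, but worth stating in a docblock on getRoles so the next reader does not assume the per-app role is the only path. The class declaration line itself sits outside the hunk.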