How to map internal OIDC group to external K8s cluster roles

I have successfully connected my K8s cluster + dashboard to my Keycloak server, now I have asked myself the question:

I have followed these instructions here.

Furthermore, I also made the appropriate adjustments to the kube-apiserver.yml. In my opinion these two YAMLs should do the corresponding mapping. Does anyone happen to have a corresponding configuration and can validate my assumption?

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: devops-cluster-admin
  # ClusterRoleBindings are cluster-scoped: metadata.namespace is not part of the object
  # and was dropped from the original.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: devopstales
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  # the original omitted metadata; a RoleBinding needs a name and is itself namespaced
  name: devops-cluster-admin
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin    # via a RoleBinding this only grants the role's rules inside kube-system
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: devopstales
  # namespace is only valid on ServiceAccount subjects, so it was removed from the User subject

How can I achieve a role mapping between the OIDC roles/groups and the K8s roles?


You will want to specify --oidc-groups-claim= with the JWT claim containing the list of strings that identify the groups to which the authenticated user belongs; then you can reference those names (with any optional --oidc-groups-prefix you specified) in RBAC situations to grant cluster permissions to those groups.
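A worked configuration for the flow the answer describes, added here as an example rather than taken from the question or the answer. The issuer URL, client ID, the claim names (groups, preferred_username) and the oidc: prefix are assumed values; the Keycloak group name devopstales is the one used in the question. The first document is an excerpt of the kube-apiserver static pod manifest (only the OIDC flags are shown), the second is the RBAC binding that refers to the prefixed group name.

```yaml
# Excerpt of /etc/kubernetes/manifests/kube-apiserver.yaml (static pod), assumed layout.
# Only the OIDC-related flags are shown; the rest of the command line is unchanged.
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    # issuer must match the "iss" claim in the id_token exactly (assumed realm URL)
    - --oidc-issuer-url=https://keycloak.example.com/auth/realms/k8s
    # client_id must match the "aud" claim (assumed client name)
    - --oidc-client-id=kubernetes
    # claim used for the Kubernetes user name; "sub" is the default if omitted
    - --oidc-username-claim=preferred_username
    # prefix keeps OIDC users from colliding with other authenticators' names
    - --oidc-username-prefix=oidc:
    # claim that carries the list of groups; no groups are mapped unless this is set
    - --oidc-groups-claim=groups
    # every group name from the claim is prefixed before RBAC sees it
    - --oidc-groups-prefix=oidc:
---
# RBAC subject name = prefix + value from the groups claim.
# The Keycloak group "devopstales" therefore appears to RBAC as "oidc:devopstales".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: oidc-devopstales-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: oidc:devopstales
```

Two things to check before relying on this. First, the group string must match character for character: a Keycloak "Group Membership" mapper with "Full group path" enabled emits "/devopstales" rather than "devopstales", which silently fails to match the binding. Decode the id_token payload and compare the groups claim against the subject name. Second, the mapping can be verified without a real login by impersonating the prefixed names, for example kubectl auth can-i get pods --all-namespaces --as=oidc:someone --as-group=oidc:devopstales; granting cluster-admin to a whole group is a large blast radius, so once the mapping works it is worth binding a narrower ClusterRole instead.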