diff --git a/tests/e2e/cucumber/steps/api.ts b/tests/e2e/cucumber/steps/api.ts
index cdf950ea52c..c7e818bdc92 100644
--- a/tests/e2e/cucumber/steps/api.ts
+++ b/tests/e2e/cucumber/steps/api.ts
@@ -22,8 +22,7 @@ Given(
     const admin = this.usersEnvironment.getUser({ key: stepUser })
     for await (const info of stepTable.hashes()) {
       const user = this.usersEnvironment.getUser({ key: info.id })
-      const id = await api.graph.getUserId({ user, admin })
-      await api.graph.assignRole(admin, id, info.role)
+      await api.provision.assignRole({ admin, user, role: info.role })
     }
   }
 )
diff --git a/tests/e2e/support/api/keycloak/user.ts b/tests/e2e/support/api/keycloak/user.ts
index 093ddaa180e..179df47daaa 100644
--- a/tests/e2e/support/api/keycloak/user.ts
+++ b/tests/e2e/support/api/keycloak/user.ts
@@ -8,6 +8,13 @@ import { keycloakRealmRoles } from '../../store'
 import { state } from '../../../cucumber/environment/shared'
 import { getTokenFromLogin } from '../../utils/tokenHelper'
 
+const ocisKeycloakUserRoles: Record<string, string> = {
+  Admin: 'ocisAdmin',
+  'Space Admin': 'ocisSpaceAdmin',
+  User: 'ocisUser',
+  'User Light': 'ocisGuest'
+}
+
 export const createUser = async ({ user, admin }: { user: User; admin: User }): Promise<User> => {
   const fullName = user.displayName.split(' ')
   const body = JSON.stringify({
@@ -39,16 +46,7 @@ export const createUser = async ({ user, admin }: { user: User; admin: User }):
   const uuid = getUserIdFromResponse(creationRes)
 
   // assign realmRoles to user
-  const roleRes = await request({
-    method: 'POST',
-    path: join(realmBasePath, 'users', uuid, 'role-mappings', 'realm'),
-    body: JSON.stringify([
-      await getRealmRole('ocisUser', admin),
-      await getRealmRole('offline_access', admin)
-    ]),
-    user: admin,
-    header: { 'Content-Type': 'application/json' }
-  })
+  const roleRes = await assignRole({ admin, uuid, role: 'User' })
   checkResponseStatus(roleRes, 'Failed while assigning roles to user')
 
   const usersEnvironment = new UsersEnvironment()
@@ -60,6 +58,19 @@ export const createUser = async ({ user, admin }: { user: User; admin: User }):
   return user
 }
 
+export const assignRole = async ({ admin, uuid, role }) => {
+  return request({
+    method: 'POST',
+    path: join(realmBasePath, 'users', uuid, 'role-mappings', 'realm'),
+    body: JSON.stringify([
+      await getRealmRole(ocisKeycloakUserRoles[role], admin),
+      await getRealmRole('offline_access', admin)
+    ]),
+    user: admin,
+    header: { 'Content-Type': 'application/json' }
+  })
+}
+
 const initializeUser = async (username: string): Promise<void> => {
   return getTokenFromLogin({ browser: state.browser, username, waitForSelector: '#web-content' })
 }
diff --git a/tests/e2e/support/api/provision/user.ts b/tests/e2e/support/api/provision/user.ts
index 1c8bfd6ebd3..d2c90f9eccb 100644
--- a/tests/e2e/support/api/provision/user.ts
+++ b/tests/e2e/support/api/provision/user.ts
@@ -1,7 +1,17 @@
 import { User } from '../../types'
-import { createUser as graphCreateUser, deleteUser as graphDeleteUser } from '../graph'
-import { createUser as keycloakCreateUser, deleteUser as keycloakDeleteUser } from '../keycloak'
+import {
+  createUser as graphCreateUser,
+  deleteUser as graphDeleteUser,
+  assignRole as graphAssignRole,
+  getUserId
+} from '../graph'
+import {
+  createUser as keycloakCreateUser,
+  deleteUser as keycloakDeleteUser,
+  assignRole as keycloakAssignRole
+} from '../keycloak'
 import { config } from '../../../config'
+import { UsersEnvironment } from '../../environment'
 
 export const createUser = async ({ user, admin }: { user: User; admin: User }): Promise<User> => {
   if (config.keycloak) {
@@ -16,3 +26,14 @@ export const deleteUser = async ({ user, admin }: { user: User; admin: User }):
   }
   return graphDeleteUser({ user, admin })
 }
+
+export const assignRole = async ({ admin, user, role }): Promise<void> => {
+  if (config.keycloak) {
+    const usersEnvironment = new UsersEnvironment()
+    const createdUser = usersEnvironment.getCreatedUser({ key: user.id })
+    await keycloakAssignRole({ admin, uuid: createdUser.uuid, role })
+  } else {
+    const id = await getUserId({ user, admin })
+    await graphAssignRole(admin, id, role)
+  }
+}
diff --git a/tests/e2e/support/objects/runtime/session.ts b/tests/e2e/support/objects/runtime/session.ts
index b4cca872006..0e85a861de3 100644
--- a/tests/e2e/support/objects/runtime/session.ts
+++ b/tests/e2e/support/objects/runtime/session.ts
@@ -52,16 +52,14 @@ export class Session {
       const body = await response.json()
       const tokenEnvironment = TokenEnvironmentFactory(tokenType)
 
-      if (!tokenEnvironment.getToken({ user })) {
-        tokenEnvironment.setToken({
-          user: { ...user },
-          token: {
-            userId: user.id,
-            accessToken: body.access_token,
-            refreshToken: body.refresh_token
-          }
-        })
-      }
+      tokenEnvironment.setToken({
+        user: { ...user },
+        token: {
+          userId: user.id,
+          accessToken: body.access_token,
+          refreshToken: body.refresh_token
+        }
+      })
     }
   }