Managing users in Keycloak

Keycloak users are stored locally and not connected to an external identity source. Local Keycloak users can be used to create and manage service accounts that are not associated with individual end users. For more information, see "Chapter 5. Managing users" in the Red Hat documentation.

Creating and editing users

Create users by using the Keycloak access control console.

  1. Log in to the Platform UI as a user with realm management permissions. For more information, see Cloud Pak for Integration roles and permissions.

  2. Click the Navigation Menu icon next to IBM Cloud Pak for Integration in the banner, then click Administration > Access control. The Keycloak access control console opens.

  3. In the navigation pane, click Users.

  4. Click Add user, or if you have already created a user, select the user that you want to edit.

  5. Enter the user details.

  6. Click Create. The user is created (or updated).

Now that you have created a user, you can create a group and add the user as a member.

Creating and editing groups

Create groups by using the Keycloak access control console. For more information, see Groups in the Red Hat documentation.

  1. Log in to the Platform UI as a user with realm management permissions. For more information, see Cloud Pak for Integration roles and permissions.

  2. Click the Navigation Menu icon next to IBM Cloud Pak for Integration in the banner, then click Administration > Access control. The Keycloak access control console opens.

  3. In the navigation pane, click Groups.

  4. Click Create group, or if you have already created a group, select the group that you want to edit.

  5. If you are creating a new group, enter a name for the group, and click Create. The group is created (or updated).

Now that you have created or updated your group, you can do the following:

  • Add users to the group.

    1. Click the name of the group in the Group name column.

    2. Click the Members tab, then click Add member.

    3. Select a member and click Add.

  • Assign roles to the group.

    1. Click the name of the group in the Group name column.

    2. Click the Role mapping tab, then click Assign role.

    3. If you are assigning a client role, use the filter dropdown to change from the default, Filter by realm roles, to Filter by clients.

    For more information about roles, see OpenShift Roles and permissions.

    4. Select a role and click Assign.

Changing passwords

Users can change their own passwords in their account console. Administrators can change user passwords in the access control console.

If Keycloak is configured to send email, users can reset their own passwords by using their verified email address. For more information, see Keycloak configuration.

To access the account console:

  1. Click the user profile icon in the Platform UI.

  2. Click Profile and settings.

For more information, see Account console in the Red Hat documentation.