Managing users and groups

You can add users and groups directly to Keycloak, connect Keycloak to an LDAP user registry to import users and groups, or connect Keycloak to an OIDC or SAML identity provider to manage users and groups. OpenShift Container Platform can act as an OIDC identity provider to enable OpenShift users to log into IBM Cloud Pak® for Integration.

For more information, see the following topics in the Red Hat documentation:

Managing users (Chapter 5. Managing users)
LDAP (4.3. Lightweight Directory Access Protocol (LDAP) and Active Directory)
Integrating identity providers (Chapter 9. Integrating identity providers)

Accessing the Keycloak console by using the Platform UI

If you have the Platform UI deployed, follow these steps to get started with any task in the Keycloak access control console.

Log in to the Platform UI as a user with the applicable admin permissions. For more information, see Cloud Pak roles and permissions.
Click the Navigation Menu icon next to IBM Cloud Pak for Integration in the banner, then click Administration > Access control. The Keycloak console opens.
In the navigation pane, click the option that you need to complete your task. For more information, see the following linked topics.

Accessing the Keycloak console by using the OpenShift web console

If you do not have the Platform UI deployed, follow these steps to get started with any task in the Keycloak access control console.

Log into the OpenShift web console as an administrator.
In the navigation pane, click Networking > Routes.
From the Project dropdown, select the namespace that contains the Keycloak route:
- For installations that use A single namespace on the cluster mode, this is the namespace in which your instances are deployed.
- For installations that use All namespaces on the cluster mode, this is the servicesNamespace (named ibm-common-services by default) that is defined in the CommonService resource.
From the Location column, copy the Keycloak URL (for example, https://keycloak-ibm-common-services.apps.ibm.com).
Add the suffix /admin/cloudpak/console/, so that the full address is https://keycloak-ibm-common-services.apps.ibm.com/admin/cloudpak/console/.
Paste the URL in your browser to access the console.
Log in to the Keycloak cloudpak realm by using the credentials in Getting the initial administrator password.