Default User Administration
Keycloak uses the concept of a realm to manage and authenticate users. When you install the Keycloak server, a realm called testserver is created for you in Keycloak. All server users belong to this realm and when they log in to the server, they log into that realm.
- By default, there is no admin user for Design server. Such an admin user is required for accessing additional Design server functions, which includes claiming ownership of Design server projects and unarchiving them. But you can assign administrative privileges to any user. You must do this by adding the admin role to the user in Keycloak. See Getting Started guide for more information
- If Keycloak authentication is enabled in Design Server, you need to create the admin user or you can synchronize users from ldap and assign administrative privileges to any user
- Keycloak does not come with a default admin user. You need to create an admin user before using
the Design server application. To do this open http://localhost:8080/auth, fill
the form with your preferred username and password
After you log in to the Keycloak Admin Console, from the Users page, you can search and select the user that you want to make an administrator. From the Groups tab, you can join the user to the Admin group.
For more information about assigning user roles, see Groups in the Keycloak documentation.
- Minimum password length defaults to 8 characters
- Email verification of new users is turned off
- The Forgot Password feature is turned on by default, but no instructions are sent to the user to reset their password
- Forgotten user passwords are changed by you, if you do not enable Keycloak to send instructions to reset a password
You can review the following sections about changing the default authentication controls.
Email settings
By default, the testserver realm sets the Forgot Password switch on. However, as an administrator, you must enable Keycloak to send an email to the user with instructions to reset their password. If you want to verify an email, you must also enable Keycloak to send an email to the user to verify their email address.
You must provide SMTP server settings for Keycloak to send an email. After you log in to the Keycloak Admin Console, see Email Settingsin the Keycloak documentation.
To set up the email verification, see Forgot Passwordin the Keycloak documentation.
User password
Organization can give user access to the account console located at:
https://<keycloak-url>/auth/realms/<realm>/account
There is a form to update password (and other useful information about the account). See User Credentials in the Keycloak documentation.
User deletion
When a user is inactive or no longer access the Design server application, you can delete that user.
See Deleting Users in the Keycloak documentation.