Managing users
Users are entities that are able to log into your system. They can be assigned group membership for use with entitlements and have specific roles assigned to them.
Creating users
- Log into the administration console.
- Choose the target realm ($REALM_NAME) from the top-left realm drop-down.
- Click Users in the menu.
- Click Add User.
- Enter the details for the new user.
- Click Save.
- Give the user credentials:
  - Click the Credentials tab.
  - Click Set password.
  - Choose a password and leave Temporary set to on.
  - Click Save.
  - Confirm by clicking on Save password.
Ensure the correct realm is selected
Ensure you select the correct realm ($REALM_NAME), as the UI defaults to the Master realm on login.
Use kxi user to create a new user.
kxi user create $USERNAME \
--email $EMAIL \
--password $PASSWORD \
--temporary
Replace the following:
- $USERNAME: Username for the new user.
- $EMAIL: Email for the new user.
- $PASSWORD: Password for the new user.
Note
The user will be asked to reset their password on first login when the --temporary flag is set.
Assigning roles
Assign roles to a user through the Role Mappings tab for that user.
- Log into the administration console.
- Click Users in the menu.
- Click the user that you want to add the roles to.
- Click the Role mappings tab.
- Click Assign role.
- Select the role you want to assign to the user from the dialog.
- Click Assign.
Use kxi user to assign roles.
kxi user assign-roles $USERNAME --roles $ROLES
Replace the following:
- $USERNAME: Username to assign roles to.
- $ROLES: Comma-separated list of roles to assign.
Note
View available roles with kxi user get-available-roles
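The create and assign-roles commands above can be combined into one provisioning step that generates the temporary password itself and refuses roles outside an operator-approved list. This is an added example, not part of the original documentation; the ALLOWED_ROLES variable and the function names are hypothetical, and only the kxi flags shown on this page are used.

```shell
#!/bin/sh
# Added example: wraps the `kxi user create` and `kxi user assign-roles`
# commands from this page. ALLOWED_ROLES and all function names are hypothetical.

# 24-character alphanumeric temporary password from the kernel CSPRNG.
gen_temp_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-24
}

# Succeed only if every role in comma-separated list $1 is in allowlist $2.
roles_allowed() {
  local rest="$1," allowed=",$2," role
  [ -n "$1" ] || return 1
  while [ -n "$rest" ]; do
    role=${rest%%,*}
    rest=${rest#*,}
    [ -n "$role" ] || return 1
    case "$allowed" in
      *",$role,"*) ;;
      *) echo "role not in allowlist: $role" >&2; return 1 ;;
    esac
  done
}

# Usage: provision_user USERNAME EMAIL ROLES   (prints the temporary password)
provision_user() {
  local username="$1" email="$2" roles="$3" password
  # Refuse values that the CLI could parse as options.
  case "$username" in ''|-*) echo "invalid username" >&2; return 1 ;; esac
  case "$email" in ''|-*) echo "invalid email" >&2; return 1 ;; esac
  # Validate roles first so a rejected request leaves no account behind.
  roles_allowed "$roles" "$ALLOWED_ROLES" || return 1
  password=$(gen_temp_password) || return 1
  # The password is passed in argv, as in the page's command, so it is briefly
  # visible in the local process list; --temporary forces a change at first login.
  kxi user create "$username" --email "$email" \
    --password "$password" --temporary || return 1
  kxi user assign-roles "$username" --roles "$roles" || return 1
  printf '%s\n' "$password"
}
```

Set ALLOWED_ROLES to the comma-separated roles this script may grant before calling provision_user, and deliver the printed password to the user out of band.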
Password resets
You can reset passwords via the administration console.
- Log into the administration console.
- Click Users in the menu.
- Click the user whose password you want to reset.
- Click the Credentials tab.
- Enter a new password.
- Click Reset Password.
Use kxi user to reset a user's password.
kxi user reset-password $USERNAME --password $PASSWORD
Replace the following:
- $USERNAME: Username to reset password for.
- $PASSWORD: New password for the user.
Forgotten passwords
The application can provide password reset functionality via email if the realm is configured with an email server.
- Log into the administration console.
- Click Realm settings in the menu.
- Click the Login tab.
- Toggle Forgot password to ON.
A 'Forgot password?' link will now be displayed on the login screen.
Identity brokering
To use an identity provider other than Keycloak to authenticate users, configure this under Identity Providers in the menu.
The setup for this varies depending on the type of identity provider.
Read the Keycloak documentation for your specific use case.
First login
A user that authenticates via a different identity provider than Keycloak must log in at least once before roles can be assigned to them.
Identity provider is not visible on the login screen
If an identity provider is configured but you can't see it on the login screen, ensure you are getting redirected to the correct login page: https://${INSIGHTS_HOSTNAME}/auth/admin/${REALM_NAME}/console/