Skip to content

Managing users

Users are entities that are able to log into your system. They can be assigned group membership for use with data entitlements and have specific roles assigned to them.

Creating users

  1. Log into the administration console.
  2. Choose the target realm ($REALM_NAME) from the top-left realm drop-down.
  3. Click Users in the menu.
  4. Click Add User.
  5. Enter the details for the new user.
  6. Click Save.
  7. Give the user credentials:
    1. Click the Credentials tab
    2. Click Set password
    3. Choose a password and leave Temporary set to on
    4. Click Save
    5. Confirm by clicking on Save password

Ensure the correct realm is selected

Ensure you select the correct realm ($REALM_NAME) as the UI defaults to the Master realm on login.

Use kxi user to create a new user.

kxi user create $USERNAME \
    --email $EMAIL \
    --password $PASSWORD \
    --temporary

Replace the following:

  • $USERNAME: Username for the new user.
  • $EMAIL: Email for the new user.
  • $PASSWORD: Password for the new user.

Note

The user will be asked to reset their password on first login when the --temporary flag is set

Assigning roles

Assign roles to a user through the Role Mappings tab for that user.

  1. Log into the administration console.
  2. Click Users in the menu.
  3. Click the user that you want to add the roles to.
  4. Click the Role mappings tab.
  5. Click Assign role.
  6. Select the role you want to assign to the user from the dialog.
  7. Click Assign.

Use kxi user to assign roles.

kxi user assign-roles $USERNAME --roles $ROLES

Replace the following:

  • $USERNAME: Username to assign roles to.
  • $ROLES: Comma-separated list of roles to assign.

Note

View available roles with kxi user get-available-roles

Password resets

You can reset passwords via the administration console.

  1. Log into the administration console.
  2. Click Users in the menu.
  3. Click the user whose password you want to reset.
  4. Click the Credentials tab.
  5. Enter a new password.
  6. Click Reset Password.

Use kxi user to reset a user's password.

kxi user reset-password $USERNAME --password $PASSWORD

Replace the following:

  • $USERNAME: Username to reset password for.
  • $PASSWORD: New password for the user.

Forgotten passwords

The application can provide password reset functionality via email if the realm is configured with an email server.

  1. Log into the administration console.
  2. Click Realm settings in the menu.
  3. Click the Login tab.
  4. Toggle Forgot password to ON.

A 'Forgot password?' link will now be displayed on the login screen.

Identity brokering

To use an identity provider other than Keycloak to authenticate users, configure this under Identity Providers in the menu.

The setup for this varies depending on the type of identity provider.

Read the Keycloak documentation for your specific use case.

Keycloak Identity Brokering

First login

A user that authenticates via a different identity provider than Keycloak must log in at least once before roles can be assigned to them.

Identity provider is not visible on the login screen

If an identity provider is configured but you can't see it on the login screen, ensure you are getting redirected to the correct login page: https://${INSIGHTS_HOSTNAME}/auth/admin/${REALM_NAME}/console/