Default User Administration

Keycloak uses the concept of a realm to manage and authenticate users. When you install the Keycloak server, a realm called testserver is created for you in Keycloak. All server users belong to this realm and when they log in to the server, they log into that realm.

As an administrator, it is important to consider the following points about the Keycloak server administration:
  • By default, there is no admin user for Link. An admin user is required for accessing additional Link functions, which include claiming ownership of Link projects and unarchiving them. You can assign administrative privileges to any user by adding the admin role to the user in Keycloak. See "Getting Started" in the Keycloak documentation for more information.
  • If Keycloak authentication is enabled in Link, you need to create the admin user, or you can synchronize users from LDAP and assign administrative privileges to any user.
  • Keycloak does not come with a default admin user. You need to create an admin user before using the Link application. To do this, open http://localhost:8080/auth and fill in the form with your preferred username and password.

    After you log in to the Keycloak Admin Console, from the Users page, you can search and select the user that you want to make an administrator. From the Groups tab, you can join the user to the Admin group.

    For more information about assigning user roles, see "Groups" in the Keycloak documentation.

Now that you are the Keycloak server administrator, it is important to consider the following points about the default user management and authentication:
  • Minimum password length defaults to 8 characters
  • Email verification of new users is turned off
  • The Forgot Password feature is turned on by default, but no instructions are sent to the user to reset their password
  • If you do not enable Keycloak to send password reset instructions, you must change forgotten user passwords yourself

You can review the following sections about changing the default authentication controls.

Email settings

By default, the testserver realm sets the Forgot Password switch on. However, as an administrator, you must enable Keycloak to send an email to the user with instructions to reset their password. If you want to verify an email, you must also enable Keycloak to send an email to the user to verify their email address.

You must provide SMTP server settings for Keycloak to send an email. After you log in to the Keycloak Admin Console, see "Email Settings" in the Keycloak documentation.

To set up email verification, see "Forgot Password" in the Keycloak documentation.
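
The following is an added example, not part of the product documentation: a check over a realm representation (the JSON from a realm export or Keycloak's Admin REST API) that flags the default conditions described above, in particular Forgot Password being on while no SMTP server is configured. The sample realm is constructed, and `required_length` is an assumed parameter; the field names `passwordPolicy`, `verifyEmail`, `resetPasswordAllowed` and `smtpServer` are those of Keycloak's realm representation.

```python
import json
import re

# Constructed sample: the realm settings this page describes as defaults.
SAMPLE_REALM = json.loads("""
{
  "realm": "testserver",
  "passwordPolicy": "length(8)",
  "verifyEmail": false,
  "resetPasswordAllowed": true,
  "smtpServer": {}
}
""")


def min_password_length(policy):
    """Return the length(N) value from a Keycloak policy string, or None."""
    for part in (policy or "").split(" and "):
        m = re.fullmatch(r"length\((\d+)\)", part.strip())
        if m:
            return int(m.group(1))
    return None


def audit_realm(realm, required_length=8):
    """Return findings for a realm representation (a dict).

    required_length is an assumption: set it to your organization's policy.
    """
    findings = []
    smtp_ready = bool((realm.get("smtpServer") or {}).get("host"))
    length = min_password_length(realm.get("passwordPolicy"))
    if length is None:
        findings.append("no length() rule in passwordPolicy")
    elif length < required_length:
        findings.append(f"minimum password length {length} < {required_length}")
    if not realm.get("verifyEmail", False):
        findings.append("email verification is off")
    elif not smtp_ready:
        findings.append("email verification is on but SMTP is not configured")
    if realm.get("resetPasswordAllowed", False) and not smtp_ready:
        findings.append("Forgot Password is on but SMTP is not configured")
    return findings


if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print(f"[{SAMPLE_REALM['realm']}] {finding}")
```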

User password

Your organization can give users access to the account console located at:

https://<keycloak-url>/auth/realms/<realm>/account

The account console provides a form to update the password (and other useful information about the account). See "User Credentials" in the Keycloak documentation.

User deletion

When a user is inactive or no longer accesses the Link application, you can delete that user.

See "Deleting Users" in the Keycloak documentation.