Admin UI - Keycloak (comments)
If "/auth" is appended to the server URL, the Keycloak UI opens, where all user administration settings can be made. This includes the settings that the rest of the Admin UI offers as a clearer shortcut.
The home page has links to the 'Administration Console' and the 'Documentation'. Clicking on 'Administration Console' prompts the user to authenticate if they are not already logged in. A user with the 'admin' role has full rights here.
The most important settings are briefly described below. For full documentation, please refer to the Keycloak documentation.
Realm Settings / Master / Login
Features such as remembering a user after a browser restart and the Forgot Password function can be enabled here. For the latter, it is necessary to configure an SMTP host under Email.
Roles
Roles can be created here in the same way as in the Admin UI. Default Roles allows you to define which default roles will be assigned to a new user. For example, new users can always be allowed to see all comments by automatically assigning the role "viewer".
Identity Providers
External user directories, such as an Active Directory, can be connected here via SAML or OpenID Connect. Roles and groups from the external system can be mapped to internal roles and groups.
User Federation
This menu item allows you to import users from an external system. For example, you can connect to an Active Directory via LDAP. The difference from Identity Providers is that users are not just imported on first login, but are available in the user list. Roles and groups can also be mapped from the external system to internal roles and groups.
Authentication / Password Policy
Define requirements for strong passwords.
Groups
Groups can be created and edited here in a similar way to the Group settings in the Admin UI. It is also possible to assign entire user roles to a group under Role Mappings.
In this way, a group bundles a collection of roles, which then receive authorisation together via the Authorizations. Under Default Groups, you can define that new users are automatically assigned to groups.
Users
Users can be created and edited here, similar to the user settings in the Admin UI. Under Credentials, the password of a user can be reset. The "Temporary" switch ensures that the user has to change this password again at the next login.
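The settings described above under Realm Settings / Login, Roles and Authentication / Password Policy can be reviewed offline from a realm export. The following is an added example, not part of the original documentation or of Keycloak itself: it assumes an export that uses the RealmRepresentation fields `resetPasswordAllowed`, `smtpServer`, `passwordPolicy`, `defaultRoles` and `rememberMe`, and the sample realm and the minimum length of 12 are constructed assumptions.

```python
import json
import re

# Constructed sample: a trimmed realm export (Keycloak RealmRepresentation fields).
SAMPLE_REALM = json.loads("""
{
  "realm": "master",
  "rememberMe": true,
  "resetPasswordAllowed": true,
  "smtpServer": {},
  "passwordPolicy": "length(6) and digits(1)",
  "defaultRoles": ["viewer", "admin"],
  "defaultGroups": ["/commenters"]
}
""")

PRIVILEGED_ROLES = {"admin"}  # per the page, 'admin' has full rights
MIN_LENGTH = 12               # assumed site baseline, not a Keycloak default


def parse_policy(policy):
    """Turn 'length(8) and digits(1)' into {'length': '8', 'digits': '1'}."""
    return dict(re.findall(r"(\w+)\(([^)]*)\)", policy or ""))


def audit_realm(realm):
    """Return a list of findings for the settings described on this page."""
    findings = []
    # Forgot Password needs an SMTP host under Email to deliver the reset mail.
    if realm.get("resetPasswordAllowed") and not (realm.get("smtpServer") or {}).get("host"):
        findings.append("forgot-password enabled but no SMTP host configured")
    policy = parse_policy(realm.get("passwordPolicy"))
    if not policy:
        findings.append("no password policy defined")
    elif int(policy.get("length", 0) or 0) < MIN_LENGTH:
        findings.append(f"password policy length below {MIN_LENGTH}")
    # Default roles go to every new user, so they must stay low-privilege.
    for role in realm.get("defaultRoles", []):
        if role in PRIVILEGED_ROLES:
            findings.append(f"privileged default role: {role}")
    if realm.get("rememberMe"):
        findings.append("remember-me enabled: sessions survive a browser restart")
    return findings


if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print("FINDING:", finding)
```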