Skip to main content
Version: 7.1

Managing users in Keycloak

During the installation of ASM, a Keycloak service is also installed, to serve as an authentication module.

Only a default administrative user is created automatically during the installation. All other users must be created and assigned a role in Keycloak, before they can log in to ASM.

Logging in to Keycloak for the first time

Open a web browser window and go to https://localhost/auth.

  • Default username: admin
  • Default password: admin

Note: Axiomatics strongly recommends immediately changing the password. See Keycloak: User Credentials for information on how to do this.

Creating a user in Keycloak

All users (except the default administrative user) must be created and assigned a role in Keycloak before they can log in to ASM.

  1. Open a web browser window and go to [https://localhost/auth].
  2. Log in to the Keycloak administration console and go to the ASM realm.
  3. In the Manage section on the left, click Users.
  4. Click the Add User button.

The Add user page is displayed.

  1. Enter a name in the Username field (required). The other fields are optional.
  2. Click the Save button.
  3. Go to the Credentials tab.
  4. Enter a new password and confirm it in the Password fields.
  5. Click the “Temporary” switch to turn it OFF.
  6. Click the Set Password button.

Repeat for as many users you want to add to the system.

Note: The characters ':', '[', ']', '|', and '*' are not allowed in the username.

Mapping the user roles

  1. In the Manage section on the left, click Users.
  2. Select the user you want to map roles for.

In the window that is displayed, go to the Role Mappings tab.

  1. In the “Available Roles” list, select the roles that you want to assign to the user (asm-admins, asm-users, domain-auditor).
  2. Click the Add selected button.

The roles are added to the "Assigned Roles" list for the selected user.

Note: The example shows a user that has been assigned all three roles, which is recommended for the administrator to be able to work with projects and the administration view. For an ASM user respectively, it is recommended to have assigned the asm-users and domain-auditor roles

Deleting a user in Keycloak

  1. Log in to the Keycloak administration console and go to the ASM realm.
  2. In the Manage section on the left, click Users.
  3. Select the user you want to delete.
  4. Click the Trashcan icon to delete the user.
  5. Go to ASM and delete the user from project assignments and the list of users.