You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

Users, groups, and roles are managed in Keycloak. To open Keycloak, select "User Management" from the Blueriq landing page or go to http://<domain:port>/Keycloak/admin/master/console and then login with your Keycloak admin credentials.  

Make sure that you have selected the Studio from the Realm selection menu:

From here, you can

Add, edit, and remove users

Adding, editing, and removing users is relatively straightforward in Keycloak. From the navigation panel select Users, the main view will not list all by default, you can choose "View all users" to load all users, or search for a user from the search bar.

Adding a new user can be done with the Add user button in the top right. Only thing to keep in mind when adding a user, is that we currently only support authentication with a password, new users must be set up so that they can sign in with a password. To do this, first create a user: only the username is required, and optionally you can assign the user to one or more groups.

Then edit the user, select Credentials and enter a password:

If the temporary toggle is on, then the user must first update their password before they can sign into Encore.

Users can always update their password (temporary or not) in the Account console for the Studio realm at http://<domain:port>/Keycloak/realms/<realm>/account, or http://localhost:160/Keycloak/realms/BlueriqStudio16/account in a typical installation.

Add, edit, remove, and assign groups and roles

Keycloak groups and roles only have effect in Encore and the Studio server if there is a RoleMapping which maps the Keycloak role to a role in Encore

Adding, editing and removing groups and roles in Keycloak is relatively straightforward, from the navigation panel select either Realm roles or Groups, and the main view will list all roles or groups. From this view you can add, edit or delete roles or groups.

Users can be added to multiple groups, and they can be assigned multiple roles.

Roles can also be assigned to groups, effectively assigning those roles to all members of the group.

Ultimately it is the roles a user has in Keycloak (either directly or via groups it is a member of) that will determine which roles (and permissions) the user has in Encore and the Studio server.

Which Studio role a user has based on the given Keycloak roles is determined in the Studio configuration via the role mappings. 

The Studio role in turn will determine which permissions a user has in the Studio. See User access and management for more information on Studio roles and permissions and how to configure role mappings.

  • No labels

Didn't find the answer you were looking for? Try the advanced search