Create an organization in Keycloak
Create an organization to organize your development projects and services
Read time 1 minuteLast updated 10 days ago
In Keycloak, a Unity organization is represented as a client with specific settings. You can create only one organization in your private cloud. You don't need to create additional organizations. The installation process creates a default organization and names it
Default Organization- In the admin console, switch to the unity realm.
- to Manage > Clients.
- Select Create client.
-
Provide these settings:
Field
Description
Client typeOpenID Connect.Client ID. Theorganization.<organization-name>prefix is required.organizationNameLeave this field empty.Client authenticationOn.AuthorizationOn.Standard flowDisabled.Direct access grantsDisabled.Service account rolesEnabled.
-
Create user roles for the organization. Roles represent the user types that a user can have in the organization. On the Roles tab, create these roles:
-
You must create at least these roles:
The recommended practice is to use the provided descriptions to avoid confusion later on.
Role name
Description
organization.072429ce-8400-4b65-ac72-4b96e3278931Owner user type organization.39943160-54da-49ac-b1c7-bf26adc65855User user type organization.6685d32d-f81a-4aeb-b95e-159c791a72d8Guest user type - Optionally, create additional roles for the organization and for projects. Learn more about these roles in the role-based access control (RBAC) reference.
-
You must create at least these roles:
-
On the Resources subtab of the Authorization tab, modify these settings:
- Change the default resource type to .
organization - To remove the associated URI, set it to an empty string.
- If the console requires it, set the display name to .
<org-name>
- Change the default resource type to
- Save your changes.
Note
Because you enable authentication for this client, Keycloak generates a secret for this client. You can ignore this secret because Unity doesn't use it.