Create an organization in Keycloak

Create an organization to organize your development projects and services

In Keycloak, a Unity organization is represented as a client with specific settings. You can create only one organization in your private cloud. To create a Unity organization, complete these steps:
  1. In the admin console, go to Manage > Clients.
  2. Select Create client.
  3. Provide these settings:

    | Field | Description |
    | --- | --- |
    | Client type | OpenID Connect |
    | Client ID | organization.<org-name> |
    | Name | Leave this field empty. |
    | Client authentication | On |
    | Authorization | On |
    | Standard flow | Disabled |
    | Direct access grants | Disabled |
    | Service account roles | Enabled |

After you have created the client, make these changes to its configuration:
  1. Create user roles for the organization. Roles represent the user types that a user can have in the organization. On the Roles tab, create these roles:
    • You must create at least these roles:

      | Role name | Description |
      | --- | --- |
      | organization.072429ce-8400-4b65-ac72-4b96e3278931 | Owner user type |
      | organization.39943160-54da-49ac-b1c7-bf26adc65855 | User user type |
      | organization.6685d32d-f81a-4aeb-b95e-159c791a72d8 | Guest user type |

      The recommended practice is to use the provided descriptions to avoid confusion later on.
    • Optionally, create additional roles for the organization and for projects. Learn more about these roles in the role-based access control (RBAC) reference.
  2. On the Resources subtab of the Authorization tab, modify these settings:
    • Change the default resource type to organization.
    • To remove the associated URI, set it to an empty string.
    • If the console requires it, set the display name to <org-name>.
  3. Save your changes.
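
To confirm the result of the steps above, the following added example (not Unity's or Keycloak's own code) audits a client's JSON export against the settings on this page. It assumes the export uses Keycloak's ClientRepresentation field names and that the client's role names are supplied separately by the caller; `audit_org_client` and the `organization.example-org` sample are constructed for illustration.

```python
# Added example: audit a Keycloak client export against the settings on this page.
# Assumption: field names follow Keycloak's ClientRepresentation JSON.
REQUIRED_FLAGS = {
    "protocol": "openid-connect",          # Client type: OpenID Connect
    "publicClient": False,                 # Client authentication: On
    "authorizationServicesEnabled": True,  # Authorization: On
    "standardFlowEnabled": False,          # Standard flow: Disabled
    "directAccessGrantsEnabled": False,    # Direct access grants: Disabled
    "serviceAccountsEnabled": True,        # Service account roles: Enabled
}
REQUIRED_ROLES = {
    "organization.072429ce-8400-4b65-ac72-4b96e3278931",  # Owner user type
    "organization.39943160-54da-49ac-b1c7-bf26adc65855",  # User user type
    "organization.6685d32d-f81a-4aeb-b95e-159c791a72d8",  # Guest user type
}

def audit_org_client(client, role_names):
    """Return a list of findings; an empty list means the client matches the page."""
    findings = []
    client_id = client.get("clientId", "")
    if not (client_id.startswith("organization.") and len(client_id) > len("organization.")):
        findings.append(f"clientId {client_id!r} is not organization.<org-name>")
    if client.get("name"):
        findings.append("name must be left empty")
    for field, want in REQUIRED_FLAGS.items():
        if client.get(field) != want:
            findings.append(f"{field} is {client.get(field)!r}, expected {want!r}")
    for role in sorted(REQUIRED_ROLES - set(role_names)):
        findings.append(f"missing role {role}")
    resources = client.get("authorizationSettings", {}).get("resources", [])
    if not any(r.get("type") == "organization" for r in resources):
        findings.append("no resource of type 'organization'")
    for r in resources:
        # An empty list and [""] both count as "URI removed".
        if r.get("type") == "organization" and any(r.get("uris") or []):
            findings.append(f"resource {r.get('name')!r} still has URIs {r['uris']}")
    return findings

# Constructed sample: standard flow left on and the default resource untouched.
SAMPLE = {
    "clientId": "organization.example-org", "name": "", "protocol": "openid-connect",
    "publicClient": False, "authorizationServicesEnabled": True,
    "standardFlowEnabled": True, "directAccessGrantsEnabled": False,
    "serviceAccountsEnabled": True,
    "authorizationSettings": {"resources": [
        {"name": "Default Resource",
         "type": "urn:organization.example-org:resources:default", "uris": ["/*"]}]},
}
```

Calling `audit_org_client(SAMPLE, [])` reports the enabled standard flow, the three missing roles and the unchanged resource type.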