Create an organization in Keycloak

Create an organization to organize your development projects and services

In Keycloak, a Unity organization is represented as a client with specific settings. You can create only one organization in your private cloud. You don't need to create additional organizations. The installation process creates a default organization and names it Default Organization. Asset Manager needs only this organization. If you need to work with an additional organization in Asset Manager, you can create it in Keycloak.
To create a Unity organization, complete these steps:
  1. In the admin console, switch to the unity realm.
  2. Go to Manage > Clients.
  3. Select Create client.
  4. Provide these settings:

    Field                    Description
    Client type              OpenID Connect.
    Client ID                organization.<organization-name>. The organization prefix is required.
    Name                     Leave this field empty.
    Client authentication    On.
    Authorization            On.
    Standard flow            Disabled.
    Direct access grants     Disabled.
    Service account roles    Enabled.
After you have created the client, perform these changes to the configuration:
  1. Create user roles for the organization. Roles represent the user types that a user can have in the organization. On the Roles tab, create these roles:
    • You must create at least these roles:

      Role name                                            Description
      organization.072429ce-8400-4b65-ac72-4b96e3278931    Owner user type
      organization.39943160-54da-49ac-b1c7-bf26adc65855    User user type
      organization.6685d32d-f81a-4aeb-b95e-159c791a72d8    Guest user type

      The recommended practice is to use the provided descriptions to avoid confusion later on.
    • Optionally, create additional roles for the organization and for projects. Learn more about these roles in the role-based access control (RBAC) reference.
  2. On the Resources subtab of the Authorization tab, modify these settings:
    • Change the default resource type to organization.
    • To remove the associated URI, set it to an empty string.
    • If the console requires it, set the display name to <org-name>.
  3. Save your changes.
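
To confirm that a client matches the settings above, you can audit its exported JSON. The following is an added example, not part of the Unity or Keycloak documentation: it assumes the field names of Keycloak's ClientRepresentation JSON and that the console toggles map to those fields as commented, and the function name and sample data are constructed for illustration.

```python
# Field names follow Keycloak's ClientRepresentation JSON (assumed mapping to the console toggles).
# SAMPLE_CLIENT and SAMPLE_ROLES are constructed data, not output from a real server.
REQUIRED_SETTINGS = {
    "protocol": "openid-connect",          # Client type: OpenID Connect
    "publicClient": False,                 # Client authentication: On
    "authorizationServicesEnabled": True,  # Authorization: On
    "standardFlowEnabled": False,          # Standard flow: Disabled
    "directAccessGrantsEnabled": False,    # Direct access grants: Disabled
    "serviceAccountsEnabled": True,        # Service account roles: Enabled
}

REQUIRED_ROLES = {
    "organization.072429ce-8400-4b65-ac72-4b96e3278931": "Owner user type",
    "organization.39943160-54da-49ac-b1c7-bf26adc65855": "User user type",
    "organization.6685d32d-f81a-4aeb-b95e-159c791a72d8": "Guest user type",
}

def audit_organization_client(client, roles):
    """Return a list of findings; an empty list means the client matches the page."""
    findings = []
    client_id = client.get("clientId", "")
    if not client_id.startswith("organization.") or client_id == "organization.":
        findings.append("clientId must be organization.<organization-name>")
    if client.get("name"):
        findings.append("name must be left empty")
    # A missing key counts as a deviation, because Keycloak defaults may differ.
    for key, expected in REQUIRED_SETTINGS.items():
        if client.get(key) != expected:
            findings.append(f"{key} is {client.get(key)!r}, expected {expected!r}")
    present = {role.get("name") for role in roles}
    findings += [f"missing role {name}" for name in REQUIRED_ROLES if name not in present]
    return findings

SAMPLE_CLIENT = {
    "clientId": "organization.example-org",
    "name": "",
    "protocol": "openid-connect",
    "publicClient": False,
    "authorizationServicesEnabled": True,
    "standardFlowEnabled": True,  # deliberate deviation: browser login flow left on
    "directAccessGrantsEnabled": False,
    "serviceAccountsEnabled": True,
}
SAMPLE_ROLES = [{"name": n, "description": d} for n, d in REQUIRED_ROLES.items()][:2]

if __name__ == "__main__":
    for finding in audit_organization_client(SAMPLE_CLIENT, SAMPLE_ROLES):
        print("FINDING:", finding)
```

The two findings on the sample are the enabled standard flow and the missing Guest role; a client configured as described above returns an empty list.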