Grant access to an organization or a project in Keycloak
Choose a set of permissions for each user and service account
Read time 1 minuteLast updated 11 days ago
To grant access to an organization and all projects within that organization, assign one or more user types and user roles to the user or to the service account that requires access. To do so, complete these steps:
- In the admin console, switch to the unity realm.
-
Perform one of these actions:
- For a user, open the user properties and select the Role Mapping tab.
- For a service account, open the client properties and select the Service Account Roles tab.
- Select Assign role.
-
If the first filter is set to , then change it to
Filter by realm roles.Filter by clients -
Select the required role from the list, and then select Assign. Alternatively, use the filter . If the required role doesn't exist, create it first in the organization properties.
Search by role name- To grant read-only access, choose the User type.
- To grant full access, choose the Owner user type. Owners have access to the client that represents the organization, users and service accounts.
NoteKeycloak automatically assigns the User type to SSO users for the default organization. This user type has this name:.organization.39943160-54da-49ac-b1c7-bf26adc65855