Create a service account in Keycloak

Create service accounts for programmatic access to Unity services

Read time 1 minute

Last updated 6 days ago

Service accounts are OAuth clients that use client credentials flow. To create a service account in Keycloak, complete these steps:

In the admin console, select Manage > Clients.
Select Create client.

Provide these settings:

Field	Description
Client type	OpenID Connect
Client ID	Enter a descriptive name. These practices are recommended: Follow a naming convention. For example, you might want to use `sa-` as a prefix for the names of service accounts. Avoid using spaces. The client ID serves as a username for authentication, which might cause confusion.
Client authentication	On
Standard flow	Disabled
Direct access grants	Disabled
Service account roles	Enabled

After you have created the client, make these changes to its configuration:

On the Client Scopes tab, keep only the following client scopes, which are default scopes, and delete the others:
- <client-name>-dedicated
- acr
- email
- profile
- unity-token-ids
Add these roles:
- ```
organization-users
```
- ```
organization-owners
```
Grant access to an organization and a project.

When you create a service account, Keycloak generates the client secret. To access this secret, go to the client properties, and then select the Credentials tab.

Documentation

Engine

Services

Grow

Industry

Support

Unity Cloud

Get Started

Creator SDKs and Services

Unity Cloud

Create a service account in Keycloak

Field

Description