Create a service account in Keycloak
Create service accounts for programmatic access to Unity services
Service accounts are OAuth clients that use the client credentials flow. To create a service account in Keycloak, complete these steps:
- In the admin console, select Manage > Clients.
- Select Create client.
- Provide these settings:

  | Field | Description |
  | --- | --- |
  | Client type | OpenID Connect |
  | Client ID | Enter a descriptive name. These practices are recommended: follow a naming convention (for example, you might want to use `sa-` as a prefix for the names of service accounts), and avoid using spaces (the client ID serves as a username for authentication, so spaces might cause confusion). |
  | Client authentication | On |
  | Standard flow | Disabled |
  | Direct access grants | Disabled |
  | Service account roles | Enabled |

- On the Client Scopes tab, keep only the following client scopes, which are default scopes, and delete the others:
  - <client-name>-dedicated
  - acr
  - profile
  - unity-token-ids
- Add these roles:
  - organization-users
  - organization-owners
- Grant access to an organization and a project.
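
The following added example (not part of the original page, and not Unity or Keycloak code) audits an exported client against the settings and client scopes listed above, so that drift such as a re-enabled flow or an extra scope is caught. It assumes the client is available as JSON in Keycloak's ClientRepresentation format; `audit_client`, the sample clients, the treatment of optional scopes as "others", and accepting `<client-name>-dedicated` whether or not the export lists it are assumptions of this example.

```python
import json

# Scopes the procedure says to keep; "<client-name>-dedicated" is added per client.
KEEP_SCOPES = {"acr", "profile", "unity-token-ids"}

# ClientRepresentation field -> (value the settings table requires, console label)
REQUIRED = {
    "protocol": ("openid-connect", "Client type"),
    "publicClient": (False, "Client authentication"),  # On = confidential client
    "standardFlowEnabled": (False, "Standard flow"),
    "directAccessGrantsEnabled": (False, "Direct access grants"),
    "serviceAccountsEnabled": (True, "Service account roles"),
}


def audit_client(client, prefix="sa-"):
    """Return a list of findings; an empty list means the client matches the procedure.

    prefix is the page's example naming convention; pass None to skip that check.
    """
    findings = []
    client_id = client.get("clientId", "")
    if any(ch.isspace() for ch in client_id):
        findings.append("Client ID contains whitespace")
    if prefix and not client_id.startswith(prefix):
        findings.append(f"Client ID lacks the {prefix!r} prefix")
    for field, (expected, label) in REQUIRED.items():
        if client.get(field) != expected:
            findings.append(f"{label}: {field}={client.get(field)!r}, expected {expected!r}")
    defaults = set(client.get("defaultClientScopes", []))
    assigned = defaults | set(client.get("optionalClientScopes", []))
    for scope in sorted(assigned - KEEP_SCOPES - {f"{client_id}-dedicated"}):
        findings.append(f"Extra client scope: {scope}")
    for scope in sorted(KEEP_SCOPES - defaults):
        findings.append(f"Missing default client scope: {scope}")
    return findings


# Constructed sample exports, not taken from a real realm.
GOOD = json.loads("""{"clientId": "sa-build-pipeline", "protocol": "openid-connect",
 "publicClient": false, "standardFlowEnabled": false, "directAccessGrantsEnabled": false,
 "serviceAccountsEnabled": true,
 "defaultClientScopes": ["acr", "profile", "unity-token-ids"], "optionalClientScopes": []}""")
BAD = dict(GOOD, clientId="build pipeline", publicClient=True, standardFlowEnabled=True,
           defaultClientScopes=["acr", "profile", "email"], optionalClientScopes=["offline_access"])

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(sample["clientId"], audit_client(sample) or "OK")
```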