Documentation

Unity Cloud

Get Started

Asset Manager SDKs and services

Open Unity Dashboard

Unity Cloud

Access the Keycloak admin console

Manage identity in Unity Virtual Private Cloud from Keycloak
Read time 1 minuteLast updated 2 days ago

About Keycloak

Unity Virtual Private Cloud includes an identity provider and broker component based on Keycloak. Keycloak includes these major capabilities:
  • Authentication and authorization
  • Storage of information about users and service accounts keys
Keycloak is included in the above deployment, but you must perform customer-specific postdeployment and administration tasks.

Access Keycloak from Amazon Web Services (AWS)

To access the Keycloak admin console from a browser, enter a URL in this format: 
https://<domain_name>/auth/admin/master/console/
The default user is admin. To retrieve the password, run this command: 
kubectl get -n asset-solutions secret keycloak -o jsonpath="{.data.admin-password}" | base64 --decode
When you sign in for the first time, change the default admin credentials.

Access Keycloak from Microsoft Azure

In Keycloak, the predefined unity realm stores all the settings and objects that are related to Virtual Private Cloud. When you open the Keycloak admin console, switch to the unity realm.

Access the admin console

To access the Keycloak admin console from a browser, enter a URL in the following format: 
https://<SolutionFQDN>/auth/admin
Replace 
<SolutionFQDN>
with your solution's fully qualified domain name (FQDN).

Retrieve initial admin password

The initial administrator username is 
admin
. Azure generates the password during deployment. Retrieve the password from the solution key vault. The key vault is in the solution managed resource group, and the secret name is 
kc-admin-password
. To access secrets in the key vault, an administrator might require to perform these tasks:
  • Grant the Key Vault Administrator role to themselves, because the Owner role doesn't provide access to the Key Vault data plane
  • Temporarily allow access to the key vault over the internet By default, public access for this key vault is made unavailable. The recommended practice is to restrict this access to the IPs of specific administrators, in the key vault firewall settings, and, if possible, permanently.

Manage administrative access

Optionally, in the master realm, perform these actions:
  1. Change the password for the 
    admin
    user.     The recommended practice is to keep the password up-to-date in the key vault.
  2. Add the administrative users, as personal accounts for specific solution administrators.
To perform other changes that are related to Virtual Private Cloud settings, go to the unity realm.

Change the default admin credentials

The keycloak admin credentials are static and aren't tied to any identity provider. When you sign in for the first time, change the default admin credentials:
  1. In the Keycloak admin console, switch to the default realm, that is, the master realm.
  2. Go to Users, and then select the 
    admin
    user.
  3. On the Credentials tab, select Reset password.
  4. Enter a new password.
  5. Turn off Temporary.
  6. Record the credentials somewhere secure.