Set up the identity subsystem

Set up the identity subsystem, based on Keycloak

Unity Virtual Private Cloud includes an identity provider and broker component based on Keycloak. Keycloak includes these major capabilities:
  • Authentication and authorization
  • Storage of information about entities that is required for access control, for example, for users, service accounts, the organization, and projects
Keycloak is installed as part of the deployment, but you must still perform the customer-specific post-deployment tasks and administration tasks described below.

1. Access Keycloak

Access the Keycloak admin console at https://<your-domain>/auth.

Change the default admin credentials

The Keycloak admin credentials are static and aren't tied to any identity provider. When you sign in for the first time, change the default admin credentials:
  1. In the Keycloak admin console, switch to the default realm, that is, the master realm.
  2. Go to Users, and then select the admin user.
  3. On the Credentials tab, select Reset password.
  4. Enter a new password.
  5. Turn off Temporary.
  6. Record the credentials somewhere secure.

2. Complete the setup of the identity subsystem

To complete the setup of the identity subsystem, ensure that you are signed in to Keycloak, and then go to the unity realm.

2.1 Set up the URI properties for the dashboard client

To redirect the browser back to the frontend after a successful sign-in, add a valid redirect URI.
  1. Go to Manage > Clients, and then select the dashboard client.
  2. On the Settings tab, modify these values:
    • Set Root URI to https://<solution-domain-name>.
    • Set Valid redirect URIs to https://<solution-domain-name>/*.
  3. Select Save.
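The redirect URI settings above are what stop an attacker-controlled site from receiving the authorization code or tokens after sign-in, so it is worth verifying them rather than trusting a manual edit. The following is an added example (not part of the Unity VPC documentation and not Keycloak's own code) that checks a client representation as returned by the Keycloak admin REST API (GET /admin/realms/{realm}/clients/{id}). The field names rootUrl and redirectUris are Keycloak's; the solution domain, the sample client objects and the function name are constructed for this example.

```python
"""Check a Keycloak client's redirect configuration against the documented values.

Added example, not part of the product documentation. Assumes a client
representation in the shape the Keycloak admin REST API returns (fields
rootUrl and redirectUris); all sample values below are constructed.
"""
from urllib.parse import urljoin, urlparse

# Constructed placeholder for <solution-domain-name>.
SOLUTION_DOMAIN = "vpc.example.test"

# Constructed: a client left with development-style settings.
WEAK_CLIENT = {
    "clientId": "dashboard",
    "rootUrl": "http://localhost:3000",
    "redirectUris": ["*", "http://localhost:3000/*"],
}

# Constructed: the client as the setup steps describe it.
HARDENED_CLIENT = {
    "clientId": "dashboard",
    "rootUrl": f"https://{SOLUTION_DOMAIN}",
    "redirectUris": [f"https://{SOLUTION_DOMAIN}/*"],
}


def check_client_redirects(client, solution_domain):
    """Return a list of findings; an empty list means the settings match the guide.

    Relative redirect URIs (for example "/*") are resolved against rootUrl,
    which is how Keycloak itself treats them.
    """
    findings = []
    root = client.get("rootUrl") or ""
    uris = client.get("redirectUris") or []

    if not uris:
        findings.append("no redirect URIs configured")

    for uri in uris:
        if uri == "*":
            # A bare wildcard lets any site complete the sign-in flow.
            findings.append("'*': bare wildcard accepts any redirect target")
            continue
        absolute = urljoin(root, uri) if uri.startswith("/") else uri
        parts = urlparse(absolute)
        if parts.scheme != "https":
            findings.append(
                f"{uri!r}: scheme is {parts.scheme or 'missing'}, expected https"
            )
        host = parts.hostname or ""
        if "*" in host:
            findings.append(f"{uri!r}: wildcard in host part")
        elif host != solution_domain:
            findings.append(f"{uri!r}: host {host!r} is not the solution domain")

    if root:
        root_parts = urlparse(root)
        if root_parts.scheme != "https" or root_parts.hostname != solution_domain:
            findings.append(f"rootUrl {root!r}: expected https://{solution_domain}")

    return findings


if __name__ == "__main__":
    for name, client in (("weak", WEAK_CLIENT), ("hardened", HARDENED_CLIENT)):
        result = check_client_redirects(client, SOLUTION_DOMAIN)
        print(name, "->", result or "OK")
```

Run it after saving the client settings, with the client JSON fetched from the admin API in place of the constructed sample; any finding means the Root URI or Valid redirect URIs differ from the values in the steps above.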

3. Perform administration tasks

  1. Create an organization in Keycloak.
  2. If required, set up single sign-on (SSO) for the identity subsystem.
  3. If you don't use SSO, then create users in Keycloak.
  4. Grant user access to the organization. Assign the Owner user type in the organization to at least one user, whether they have created their account locally or through SSO. This way, this user can sign in to Asset Manager and create a project. After you have completed these steps, users can access the application.
  5. Optionally, monitor integration in parallel or later.