[keycloak-user] Creating users in a group

Kumar Nitesh knitesh at smartdestinations.com
Fri Dec 22 08:24:27 EST 2017


I tried to create different group policies to view users and manage users
and was able to restrict an admin to view only group members and manage
group members.
But I was not able to create policies which restrict an admin to creating a
member of only a particular group.

Whenever I assign manage-users in the realm-management client, it gives
permission to manage all users, even when a policy is defined at the Users ->
Permission -> manage level that only superadmin can manage all users.

Kind of lost here....



On Dec 22, 2017, at 4:29 AM, Simon Payne <simonpayne58 at gmail.com> wrote:

You can achieve this by granting admin users some of the roles which belong
to the realm-management client, although I have never tested creating
users.

An easier-to-manage solution might be to allow your client to manage their
users through Active Directory etc. and then integrate with Keycloak via
LDAP. You can then map all of these users to either roles or groups in
Keycloak depending upon which AD groups they belong to. This way your client
never needs to log in to Keycloak.



On Thu, Dec 21, 2017 at 6:43 PM, Mark Hammond <mhammond at smartdestinations.com> wrote:

Hi,

We have a requirement that our clients need to be able to manage users
within a group. What we want to achieve is to have a group admin user
create users, but only within that group. Is there a way to achieve this?

Kind regards,

Mark
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
