Re: [keycloak-user] Need to log in to all realms with unique admin users

Sorry, I probably did not explain well. I have a client application that is accessible from all realms. I would like with a realm master user to be able to access the client application of each realm, without creating users on each realm. I tried this but when I log in to the client application with the user created in the realm master the log in fails because it says that the user does not exist. Reading the documentation it is explained that the users created in the realm master are used to manage the realm as admin, so you can create new realm and users and groups within the various realms, but it is not specified that with this user you can access a client application defined in realms. Is it possible to access to clients of the various realms with the realm master users, without duplicating them in every realm, or not? Thank you Get Outlook for Android<https://aka.ms/ghei36> On Thu, Oct 25, 2018 at 10:07 PM +0200, "Dmitry Telegin" <dt@acutus.pro<mailto:dt@acutus.pro>> wrote: Hello Mattia, answers inline, On Thu, 2018-10-25 at 13:34 +0000, Mattia Bello wrote: Yes you can. In fact, there is already such a user - it's admin that you've created on the first run. If you want more users with such an access in master realm, grant them "admin" realm role. If you look into "admin" role details, you'll see that it automatically includes all the client roles of *-realm clients, that's how it works under the hood. If you don't want to grant that powerful admin role, go to user -> Role mappings and assign the necessary client roles from the *-realm clients. The user will get access to the admin functions for that realm(s). This is possible too. Create a user in the target realm, go to Role mappings and assign the necessary roles from the realm-management client. Good luck, Dmitry Telegin CTO, Acutus s.r.o. Keycloak Consulting and Training Pod lipami street 339/52, 130 00 Prague 3, Czech Republic +42 (022) 888-30-71 E-mail: info(a)acutus.pro