Hi Stian,
Thanks for the quick response, but that's not exactly what I want to do.
I know how to add a Keycloak user via add-user-keycloak.sh; what I don't
know is how to ensure that this user can only be used for provisioning
operations via kcadm.sh and is NOT able to use the admin-console.
Background is:
- I want to secure the Keycloak admin user with an additional OTP token.
  This works fine for the admin-console, but then I cannot use kcadm.sh
  anymore with that user, because of the additional token.
- I now want to create a dedicated technical user for provisioning
  operations that cannot log in to the admin-console.
Cheers,
Thomas
On Mon, 10 Dec 2018 at 11:00, Stian Thorgersen <
sthorger(a)redhat.com> wrote:
If you want this before startup you can use the add-user-keycloak.sh
script with "--roles". If you want it at runtime then kcadm.sh is your
friend, should be examples in the docs on how to do that one.
On Mon, 10 Dec 2018 at 10:52, Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
> Hello Keycloak-Users,
>
> I'd like to create users solely for Keycloak instance provisioning
> operations (e.g. via kcadm.sh), which should not be able to log in via the
> admin-console.
>
> Does anyone know a way to do this?
>
> Cheers,
> Thomas