[keycloak-user] Keycloak to set up Teams and Organizations

Stian Thorgersen sthorger at redhat.com
Tue Oct 13 13:22:48 EDT 2015 

The plan is to introduce more fine grained control over permissions within
Keycloak in the future, but that's a separate issue to introducing group
support. We will most likely leverage group support once we do improve this
though.

On 13 October 2015 at 18:59, Thomas Raehalme <
thomas.raehalme at aitiofinland.com> wrote:

> Hi!
>
> Would be great if you could include access control so that you can
> administer people in group A but not in group B.
>
> I understand that this request partially overlaps with multi-tenancy but
> sometimes you want to have a single instance with separated administrators.
> You could have, for example, a SaaS application where creating separate
> instances doesn't make sense.
>
> Thanks!
>
> Best regards,
> Thomas
> On Oct 13, 2015 18:18, "Bill Burke" <bburke at redhat.com> wrote:
>
>> You just want something like github groups?  List your requirements.
>>
>> I am starting on Groups next week after 1.6 goes out.
>>
>> On 10/13/2015 9:11 AM, Subhrajyoti Moitra wrote:
>> > Thanks Stian for the update. any more details about this group feature,
>> > if you can pl share?
>> > We are using composite roles currently to manage "business groups".
>> > Since the group definitions are fixed and mutually exclusive, we are
>> > able to manage it with composite roles.
>> >
>> > Regards,
>> > Subhro.
>> >
>> > On Tue, Oct 13, 2015 at 4:39 PM, Stian Thorgersen <sthorger at redhat.com
>> > <mailto:sthorger at redhat.com>> wrote:
>> >
>> >     We are also planning on introducing groups soon. Users will be able
>> >     to belong to one or more groups and a group can have roles and/or
>> >     attributes associated with it.
>> >
>> >     On 13 October 2015 at 12:58, Subhrajyoti Moitra
>> >     <subhrajyotim at gmail.com <mailto:subhrajyotim at gmail.com>> wrote:
>> >
>> >         I think u can investigate composite-roles for the same.
>> >
>> http://keycloak.github.io/docs/userguide/html/roles.html#d4e2207
>> >
>> >         The composite-roles can be client specific roles re-presenting
>> >         your organizations, and keycloak roles can be the actual
>> >         "business roles" under these composite roles.
>> >
>> >         HTH.
>> >         Subhro.
>> >
>> >         On Tue, Oct 13, 2015 at 4:13 PM, Kunal K <kunal at plivo.com
>> >         <mailto:kunal at plivo.com>> wrote:
>> >
>> >             Hi all,
>> >
>> >             I am setting up an SSO server and i'm evaluating both CAS
>> >             and Keycloak. One of my main requirements is letting users
>> >             have multiple teams and be a part of multiple organizations.
>> >             I'm trying to wrap my head around how to do this in
>> >             Keycloak. Something on the lines of what Github does -
>> >             https://github.com/blog/674-introducing-organizations As an
>> >             evaluation process, I've already created a POC using CAS.
>> >
>> >             I would really appreciate any pointers on how to do this
>> >             with Keycloak.
>> >
>> >             Best,
>> >
>> >             Kunal
>> >
>> >
>> >             --
>> >             *KUNAL KERKAR *| PRODUCT ENGINEER
>> >             Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>> >             Web: www.plivo.com <http://www.plivo.com/> | Twitter:
>> @plivo
>> >             <http://twitter.com/plivo>, @tsudot <
>> http://twitter.com/tsudot>
>> >
>> >
>> >             _______________________________________________
>> >             keycloak-user mailing list
>> >             keycloak-user at lists.jboss.org
>> >             <mailto:keycloak-user at lists.jboss.org>
>> >             https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> >
>> >
>> >         _______________________________________________
>> >         keycloak-user mailing list
>> >         keycloak-user at lists.jboss.org <mailto:
>> keycloak-user at lists.jboss.org>
>> >         https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151013/afb812ec/attachment-0001.html

More information about the keycloak-user mailing list