[keycloak-user] Need to log in to all realms with unique admin users

[Dmitry Telegin]

Hello Mattia, answers inline,

On Thu, 2018-10-25 at 13:34 +0000, Mattia Bello wrote:
> We have this situation:
> 
> master realm -> used to manage other realms
> 
> realm1, realm2, realm3, .. -> are retailers and contain companies
> 
> for each realm we have group1, group2, group3, .. -> are companies and contain a group of users
> 
> we have to see all the retailers (realms), the companies (groups) and the users
> 
> How can I do it?
> 
> Can i create a master realm user and use it to access all the other realms?

Yes you can. In fact, there is already such a user - it's admin that
you've created on the first run. If you want more users with such an
access in master realm, grant them "admin" realm role. If you look into
"admin" role details, you'll see that it automatically includes all the
client roles of *-realm clients, that's how it works under the hood.

If you don't want to grant that powerful admin role, go to user -> Role
mappings and assign the necessary client roles from the *-realm
clients. The user will get access to the admin functions for that realm(s).

> 
> Or i have to replicate the admin user in master realm into all other realm to use it to log in in that realm?

This is possible too. Create a user in the target realm, go to Role
mappings and assign the necessary roles from the realm-management
client.

Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

> 
> Thank to all
> 
> 
> 
> Mattia Bello
> Developer
> 
> > [Descrizione: cid:image001.jpg at 01CEB308.188717E0]
> Horsa S.p.A.
> Via Cadorna, 67
> Vimodrone (MI)
> Mobile  (+39) 340 36 07 937
> www.horsa.it<http://www.horsa.it/>;
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user