Comment: Published by Scroll Versions from space WADMINPAS and version 23.2

Accessing the Identity Management

In our Scheer PAS platform, we use Keycloak as the identity management tool.

You can access it via the corresponding tile in the Scheer PAS Portal.

Only users with the profile keycloak_user are able to see the tile in the portal.

If you click the identity management tile, the tool will open within the portal.

Keycloak: Managing Authentication

Scheer PAS uses Keycloak to manage Single Sign-on for the platform.


Tip

In the Official Keycloak Documentation you will find detailed descriptions of all Keycloak functionalities. Please note that the official documentation may vary according to different versions of the tool.

Before consulting the documentation, check your Keycloak version:

  • Open the user menu and choose option Server Info.
  • On page Server Info, check the entry in field Server Version.

Creating Additional Keycloak Admins

Info

You need to log in with a Keycloak administration user to be able to access the Master realm.

You can create additional admins for Keycloak as follows:

Log into the identity management and go to realm Master.

Open menu Users and create a new user or edit an existing one.

Switch to tab Role Mappings and assign role admin in section Realm Roles.

Approving Users in Keycloak

PAS 22.1: Scheer PAS offers a user self registration feature that allows customers to request an account. The feature is disabled by default but can be enabled upon request. Contact the Scheer PAS support team if you want to use the user self registration on your system.

Manual Approval of a User

Info

If the user self registration and the user approval workflow are enabled, every newly created user must be approved. However, users are automatically approved when they are created via:

  • the Scheer PAS User Management.
  • a user federation like LDAP.

Log into the identity management and navigate to tab Users.

Search for the user you want to approve and open the user datasheet with the Edit button.

Info

Approval users receive an email notification with details when a newly created user is waiting for approval. Refer to Adding Additional Approvers to learn more about this user group.

In the user datasheet, remove the required user action Account Approval Required and press Save.

If you want to give the user permission to use the API Developer Portal, you must add the user to the group API-Management-Developer-Portal-Users.

  • PAS Administration and search for Keycloak.
  • The version of the running Keycloak service is displayed in column Version.

Adding Additional Approvers

Members of the User-Approvers group have permission to approve new users who sign up using the self registration form.

Approval users also receive an email notification with details when a newly created user is waiting for approval.

If you want to add a user to the User-Approvers group, do as follows:

  • Log into the identity management and navigate to tab Users.
  • Search for the user and open the user datasheet with the Edit button.
  • Open tab Groups.
  • In section Available Groups, select User-Approvers and confirm with the Join button.
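The admin role in realm Master and membership in the User-Approvers group are the two privileged assignments described on this page, so it is worth reviewing them periodically. The following is an added example, not code from Scheer PAS or Keycloak: it audits a Keycloak realm export (JSON with `users[].realmRoles`, `groups` and `requiredActions`) against allowlists. The required-action alias, the realm name `example-realm`, the top-level group paths and the sample users are assumptions or constructed values.

```python
import json

# Assumption: placeholder alias for the "Account Approval Required" action;
# look up the real alias in your own realm export before using this.
APPROVAL_ACTION = "account-approval-required-PLACEHOLDER"
# Groups named on this page, assumed to be top-level groups.
APPROVERS_GROUP = "/User-Approvers"
PORTAL_GROUP = "/API-Management-Developer-Portal-Users"


def audit_realm(export, expected_admins=(), expected_approvers=()):
    """Audit one Keycloak realm export (dict) against the allowlists given."""
    findings = {"unexpected_admins": [], "unexpected_approvers": [],
                "pending_approval": [], "pending_with_portal_access": []}
    is_master = export.get("realm") == "master"
    for user in export.get("users", []):
        name = user.get("username", "<unnamed>")
        roles = user.get("realmRoles") or []
        groups = user.get("groups") or []
        pending = APPROVAL_ACTION in (user.get("requiredActions") or [])
        # Realm role "admin" in the Master realm grants Keycloak administration.
        if is_master and "admin" in roles and name not in expected_admins:
            findings["unexpected_admins"].append(name)
        # Approvers can release self-registered accounts, so membership is sensitive.
        if APPROVERS_GROUP in groups and name not in expected_approvers:
            findings["unexpected_approvers"].append(name)
        if pending:
            findings["pending_approval"].append(name)
            # Portal group assigned before the approval step was completed.
            if PORTAL_GROUP in groups:
                findings["pending_with_portal_access"].append(name)
    return findings


# Constructed sample exports (not real data), shaped like Keycloak realm export JSON.
MASTER = json.loads("""{"realm": "master", "users": [
  {"username": "admin", "realmRoles": ["admin"]},
  {"username": "jdoe", "realmRoles": ["admin", "default-roles-master"]}]}""")
PAS = json.loads("""{"realm": "example-realm", "users": [
  {"username": "alice", "groups": ["/User-Approvers"]},
  {"username": "bob", "groups": ["/User-Approvers"]},
  {"username": "carol", "requiredActions": ["account-approval-required-PLACEHOLDER"],
   "groups": ["/API-Management-Developer-Portal-Users"]},
  {"username": "dave", "requiredActions": ["account-approval-required-PLACEHOLDER"]}]}""")

if __name__ == "__main__":
    print(audit_realm(MASTER, expected_admins={"admin"}))
    print(audit_realm(PAS, expected_approvers={"alice"}))
```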