User management in Keycloak
The ML platform uses Keycloak for authorization in internal applications and user management.
Keycloak implements SSO (Single-Sign On) mechanism: after successful authorization in one application, login to other applications is automatic — login and password do not need to be entered again.
Login credentials to the ML platform
When ordering an ML platform, a user with the Admin login is created in the CMLP rlma. A realm is an area for managing users, credentials, roles, and groups.
The Admin user belongs to the Security Administrator group — he has access to the Security Admin Console and can create users, set a password for them, configure roles and groups.
Use a one-time password to log in to the Security Admin Console — it is provided after ordering the ML platform. The password must be changed the first time you log in to the platform.
Create user
-
Open the ML platform at
https://<ml_platform_domain>
Specify
<ml_platform_domain>
— a URL of the formhttp://yourdomain.mlops.selcloud.ru
that was issued after connecting the ML platform. -
Specify the [security administrator] login and password(#credentials-for-login).
-
Open the Security Admin Console application.
-
Go to Manage → Users.
-
Click Add user.
-
In the Username field, enter your user name.
-
In the Email field, enter your email address — it is required to access some applications, such as Grafana.
-
Optional: add the user to the group. If you do not specify a group, it will be added to the Viewer group by default.
Keycloak has several user groups:
- Security Administrator — Has access to the Security Admin Console and can create users, configure user groups, and manage access. In the ML platform, the
Admin
user is created by default; - Administrator — can configure internal services (e.g. Grafana);
- Editor — can change individual parameters (e.g. dashboards in Grafana, pipelines in ClearML);
- Viewer — read-only access.
- Security Administrator — Has access to the Security Admin Console and can create users, configure user groups, and manage access. In the ML platform, the
-
Press Save.
-
Optional: set-password-for-user.
Set a password for user
You can set a password for the created users.
-
Open the ML platform at
https://<ml_platform_domain>
Specify
<ml_platform_domain>
— a URL of the formhttp://yourdomain.mlops.selcloud.ru
that was issued after connecting the ML platform. -
Specify the [security administrator] login and password(#credentials-for-login).
-
Open the Security Admin Console application.
-
Go to Manage → Users.
-
Click View all users.
-
Open the user page → Credentials tab.
-
In the Password field, enter your password.
-
Optional: to configure the user password to be changed at first login, enable the Temporary toggle switch.
-
Click Set Password.