Skip to main content

User management in Keycloak

Last update:

The ML platform uses Keycloak for authorization in internal applications and user management.

Keycloak implements SSO (Single-Sign On) mechanism: after successful authorization in one application, login to other applications is automatic — login and password do not need to be entered again.

Credentials for logging into the ML platform

When ordering an ML platform, a user with the Admin login is created in the CMLP realm. A realm is an area for managing users, credentials, roles, and groups.

The Admin user belongs to the Security Administrator group — he or she has access to the Security Admin Console and can create users, set a password for them, and configure roles and groups.

Use a one-time password to log in to the Security Admin Console — it is provided after ordering the ML platform. The password must be changed the first time you log in to the platform.

Create a user

  1. Open the ML Platform at https://<ml_platform_domain>

    Specify <ml_platform_domain> — A URL of the form http://yourdomain.mlops.selcloud.ru that was issued after the ML platform was connected.

  2. Specify the login and password for the security administrator.

  3. Open the Security Admin Console application.

  4. Go to Manage → Users.

  5. Click Add user.

  6. In the Username field, enter a user name.

  7. In the Email field, enter your email address — it is required to access some applications, such as Grafana.

  8. Optional: add the user to a group. If you do not specify a group, it will be added to the Viewer group by default.

    Keycloak has several user groups:

    • Security Administrator — Has access to the Security Admin Console and can create users, configure user groups, and manage access. In the ML platform, the Admin user is created by default;
    • Administrator — can configure internal services (e.g. Grafana);
    • Editor — can change individual parameters (e.g. dashboards in Grafana, pipelines in ClearML);
    • Viewer — read-only access.

  9. Click Save.

  10. Optional: set a password for the user.

Set a password for the user

You can set a password for the created users.

  1. Open the ML Platform at https://<ml_platform_domain>

    Specify <ml_platform_domain> — A URL of the form http://yourdomain.mlops.selcloud.ru that was issued after the ML platform was connected.

  2. Specify the login and password for the security administrator.

  3. Open the Security Admin Console application.

  4. Go to Manage → Users.

  5. Click View all users.

  6. Open the user page → Credentials tab.

  7. In the Password field, enter a password.

  8. Optional: to configure the user password to be changed at the first login, enable the Temporary toggle switch.

  9. Click Set Password.