
User management in Keycloak

The ML platform uses Keycloak for authorization in internal applications and user management.

Keycloak implements single sign-on (SSO): after you sign in to one application, you are signed in to the others automatically and do not need to enter your username and password again.

Login credentials for the ML platform

When you order an ML platform, a user with the username Admin is created in the CMLP realm. A realm is an area for managing users, credentials, roles, and groups.

The Admin user belongs to the Security Administrator group — they have access to the Security Admin Console and can create users, set a password for them, and configure roles and groups.

To log in to the Security Admin Console, use the one-time password provided after ordering the ML platform. The password must be changed when logging in to the platform for the first time.

Create a user

  1. Open the ML platform at https://<ml_platform_domain>

    Specify <ml_platform_domain> — a URL of the form http://yourdomain.mlops.selcloud.ru that was issued after connecting the ML platform.

  2. Specify the security administrator login and password.

  3. Open the Security Admin Console application.

  4. Go to Manage → Users.

  5. Click Add user.

  6. In the Username field, enter the user name.

  7. In the Email field, enter the email address; it is required for access to certain applications, such as Grafana.

  8. Optional: add the user to a group. If no group is specified, they will be added to the Viewer group by default.

    Keycloak has several user groups:

    • Security Administrator — has access to the Security Admin Console and can create users, configure user groups, and manage access. By default, the Admin user is created in the ML platform;
    • Administrator — can configure internal services (e.g., Grafana);
    • Editor — can change individual parameters (e.g., dashboards in Grafana, pipelines in ClearML);
    • Viewer — read-only access.
  9. Click Save.

  10. Optional: set a password for the user.

Set a password for a user

You can set a password for created users.

  1. Open the ML platform at https://<ml_platform_domain>

    Specify <ml_platform_domain> — a URL of the form http://yourdomain.mlops.selcloud.ru that was issued after connecting the ML platform.

  2. Specify the security administrator login and password.

  3. Open the Security Admin Console application.

  4. Go to Manage → Users.

  5. Click View all users.

  6. Open the user page → Credentials.

  7. In the Password field, enter the password.

  8. Optional: to configure the user to change their password on first login, enable the Temporary toggle.

  9. Click Set Password.
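
The two procedures above (create a user, then set a temporary password) can also be scripted against the Keycloak Admin REST API. The following is an added example, not part of the platform documentation. It assumes that the Admin REST API is reachable at a base URL you pass as keycloak_url (a placeholder), that you already hold an access token for a security administrator, and that the groups listed above are top-level groups.

```python
import json
import secrets
import urllib.request

REALM = "CMLP"  # realm named on the page
GROUPS = ("Security Administrator", "Administrator", "Editor", "Viewer")  # from the page


def user_payload(username, email, group=None):
    """UserRepresentation matching the Username, Email and group fields."""
    if not username or "@" not in email:
        raise ValueError("username and a valid email are required")
    # The REST API creates the account disabled unless enabled is set.
    body = {"username": username, "email": email, "enabled": True}
    if group is not None:  # omitted: the platform puts the user in Viewer
        if group not in GROUPS:
            raise ValueError(f"unknown group: {group!r}")
        body["groups"] = ["/" + group]  # assumption: top-level group path
    return body


def password_payload(password=None, temporary=True):
    """CredentialRepresentation; temporary=True mirrors the Temporary toggle."""
    value = password or secrets.token_urlsafe(18)  # 24 random URL-safe chars
    return {"type": "password", "value": value, "temporary": temporary}


def _call(method, url, token, body):
    # Send one JSON request authenticated with the admin bearer token.
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method=method,
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    return urllib.request.urlopen(req, timeout=10)


def provision(keycloak_url, token, username, email, group=None):
    """Create the user, then set a temporary password; returns the password."""
    users = f"{keycloak_url.rstrip('/')}/admin/realms/{REALM}/users"
    with _call("POST", users, token, user_payload(username, email, group)) as resp:
        user_url = resp.headers["Location"]  # Keycloak returns the new user's URL
    cred = password_payload()
    with _call("PUT", user_url + "/reset-password", token, cred):
        pass
    return cred["value"]
```

Hand the returned password to the user over a separate channel; because it is marked temporary, Keycloak requires a new one at first login.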