Using Keycloak admin APIs without using master realm user details

kurianbenoy-aot · January 12, 2022, 11:01am

I wanted to modify the group attributes in a particular realm using keycloak APIs. How can I dot it, without creating a new user/existing user credentials as part of master realm.

xgp · January 12, 2022, 11:59am

Any user with the manage-groups role in that realm will be able to use the Admin API to modify group attributes.

kurianbenoy-aot · January 13, 2022, 3:37am

@xgp isn’t manage-group role available only in master realm. If I don’t have access to master realm, then what will I do?

xgp · January 13, 2022, 8:46am

No. It’s in the realm-management client roles. Go into the user in that realm you want to grant the role. select realm-management from the “Client roles” dropdown". Select manage-users (sorry, there is no manage-groups, but you need manage-users in order to modify groups).

kurianbenoy-aot · January 13, 2022, 11:25am

@xgp this approach works. Another approach I found is using a client credential as grant-type with a Service account will also give me access to generating tokens

Topic		Replies	Views
How can I use master realm admin credentials to manage users in another realms	0	663	March 3, 2023
Grant admin access to multiple realms for a user not in master realm Configuring the server admin-console	4	3304	September 1, 2024
How to create Super User with limited access like View, Profile Edit access etc..,	5	140	July 4, 2024
Can we set an admin user for a realm that is not master?	3	5446	October 31, 2021
Admin of master realm cannot manage users in other realms via admin api	0	405	September 8, 2020

Using Keycloak admin APIs without using master realm user details

Related topics