Anaconda Platform 7.0.0 is available through a limited early access program. Contact your Anaconda Technical Account Manager (TAM) if you’re interested in adopting the latest version.
Anaconda Platform uses Keycloak, an open-source identity and access management system, to handle authentication, manage user identities, assign permissions, and control access across the platform.

Accessing the Keycloak administrative console

You can access the Keycloak administrative console through the Anaconda Platform interface or by navigating to the console directly.
From Anaconda Platform:
  1. Open the user dropdown and select Users & Groups.
  2. Select Manage Users.
  3. Log in using your Keycloak administrator credentials.

Realms

In Keycloak, a realm is an isolated space containing all the necessary information to manage the authentication and authorization of users on a specific domain. Each realm has its own set of users, permissions, and client applications.
  • The master realm is the system realm for Keycloak itself. Adding a user to the master realm allows them to log in to the Keycloak administrative console using their own credentials.
  • The repo realm manages all other Anaconda Platform users and their authentication settings. It includes standard user accounts and their assigned roles and permissions. Most user management tasks take place in this realm.
Further permissions for users on a realm are provided using roles. For more information, see Roles and permissions.

Realm selection

Always ensure you are working in the correct realm when managing users.
  1. Select Manage realms from the left-hand navigation.
  2. Select the realm you want to manage users for.

Viewing local users in Keycloak

To view your users at any time, complete the following steps:
  1. Access the Keycloak administrative console.
  2. Verify you are in the repo realm.
  3. Select Users in the left-hand navigation.
This list of users will not automatically contain users imported from external databases, such as a directory server (LDAP/AD).

Viewing federated users in Keycloak

To include users from an external directory server database in the local users list, complete the following steps:
  1. Access the Keycloak administrative console.
  2. Verify you are in the repo realm.
  3. Select User Federation in the left-hand navigation.
  4. Select your directory server.
  5. Expand the Sync Settings options.
  6. Toggle Periodic Changed Users Sync to ON.
The sync period is measured in seconds, and the default setting of 86,400 seconds is equal to 24 hours, or once daily. The servers must synchronize before imported users appear in the local database.

Creating a new user

If you want to provide access to Anaconda Platform for a new member of your organization, you need to add their identity information into Keycloak. To create a user, complete the following steps:
  1. Access the Keycloak administrative console.
  2. Verify you are in the repo realm.
  3. Select Users in the left-hand navigation.
  4. Select Add user.
  5. Enter the user’s information and toggle Email Verified to ON.
  6. Optionally, if you want to add the user to an existing group, select Join Groups, select available groups from the list, and then select Join.
    Adding a new user to a group provides the user with all permissions associated with the group. For more information, see Group roles.
  7. Select Save. More tabs appear.
  8. Select the Credentials tab.
  9. Select Set password.
  10. Enter a password for your user.
  11. If you want the user to choose their own password, leave Temporary toggled ON. If you want to control their password, toggle Temporary to OFF.
  12. Select Save.

Creating a new admin user

To add an admin user to the master realm with full permissions, complete the following steps:
  1. Access the Keycloak administrative console.
  2. Verify you are in the master realm.
  3. Select Users in the left-hand navigation.
  4. Select Add user.
  5. Enter the admin user’s information and toggle Email Verified to ON.
  6. Optionally, if you want to add the admin user to an existing group, select Join Groups, select available groups from the list, and then select Join.
    Adding a new admin to a group provides the admin with any permissions associated with the group. For more information, see Group roles.
  7. Select Save. More tabs appear.
  8. Select the Credentials tab.
  9. Select Set password.
  10. Enter a password for your admin user.
  11. If you want them to choose their own password, leave Temporary toggled ON. If you want to control their password, toggle Temporary to OFF.
  12. Select Save.
  13. Select the Role Mappings tab.
  14. Select Assign role.
  15. Select admin from the list.
  16. Select Assign.
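
The following is an added example, not code from Anaconda or Keycloak: a review of who effectively holds the admin role in the master realm, counting both the direct assignment in steps 13 to 16 and roles picked up through Join Groups in step 6, including roles inherited from a parent group. It assumes a realm export in JSON where users carry `realmRoles` and `groups` and groups carry `path`, `realmRoles` and `subGroups`; the sample data is constructed, and composite roles are not expanded.

```python
import json

# Constructed sample shaped like a Keycloak realm export; all names are made up.
SAMPLE_EXPORT = json.loads("""
{
  "realm": "master",
  "groups": [
    {"path": "/ops", "realmRoles": ["admin"], "subGroups": [
      {"path": "/ops/oncall", "realmRoles": [], "subGroups": []}
    ]},
    {"path": "/auditors", "realmRoles": [], "subGroups": []}
  ],
  "users": [
    {"username": "admin", "enabled": true, "realmRoles": ["admin"], "groups": []},
    {"username": "alice", "enabled": true, "realmRoles": [], "groups": ["/ops/oncall"]},
    {"username": "bob", "enabled": true, "realmRoles": [], "groups": ["/auditors"]},
    {"username": "carol", "enabled": false, "realmRoles": ["admin"], "groups": []}
  ]
}
""")


def group_roles(groups, inherited=frozenset()):
    """Map each group path to its realm roles, including those of parent groups."""
    resolved = {}
    for group in groups:
        roles = inherited | set(group.get("realmRoles", []))
        resolved[group["path"]] = roles
        resolved.update(group_roles(group.get("subGroups", []), roles))
    return resolved


def admin_holders(export, role="admin"):
    """Return {username: [how the role is held]} for enabled users holding `role`."""
    by_path = group_roles(export.get("groups", []))
    findings = {}
    for user in export.get("users", []):
        if not user.get("enabled", False):
            continue  # disabled accounts cannot log in; review them separately
        reasons = ["direct role mapping"] if role in user.get("realmRoles", []) else []
        reasons += [f"group {p}" for p in user.get("groups", []) if role in by_path.get(p, ())]
        if reasons:
            findings[user["username"]] = reasons
    return findings


if __name__ == "__main__":
    for name, why in sorted(admin_holders(SAMPLE_EXPORT).items()):
        print(f"{name}: admin via {', '.join(why)}")
```

In the sample, alice never appears under Role Mappings with a direct admin assignment, yet she holds admin because her group sits under a parent group that carries the role.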

Restricting admin rights

Creating an admin user with restricted rights allows you to delegate the responsibility for managing users, channels, and groups on the repo realm to another admin user, without giving them access to manage the master realm. You can create admin roles with restricted rights through the use of composite roles. For more information on composite roles and to view an example of how to provide restricted admin permissions, see Composite roles.

Changing your admin account password

If you update the password for the Keycloak admin account that was created during installation of Anaconda Platform, you must also make sure to update the KEYCLOAK_ADMIN_PASSWORD parameter in your .env file. To update your admin account password:
  1. Access the Keycloak administrative console.
  2. Verify you are in the master realm.
  3. Select Users in the left-hand navigation.
  4. Select admin from the list of available users.
  5. Select the Credentials tab.
  6. Select Reset password.
  7. Enter and confirm a new password for your admin account.
  8. Toggle Temporary to OFF.
  9. Select Save.

Changing your admin account email

To update the email address that is associated with the Keycloak admin user:
  1. Access the Keycloak administrative console.
  2. Verify you are in the master realm.
  3. Select Users from the left-hand navigation.
  4. Select admin from the list of users.
  5. Enter the email address, first name, and last name of the admin user in the Details tab.
  6. Select Save.