User Groups

UDS Core deploys Keycloak which has some preconfigured groups that applications inherit from SSO and IDP configurations.

Applications

Grafana

Grafana maps the groups from Keycloak to it’s internal Admin and Viewer groups.

Keycloak Group	Mapped Grafana Group
Admin	Admin
Auditor	Viewer

If a user doesn’t belong to either of these Keycloak groups the user will be unauthorized when accessing Grafana.

Neuvector

Neuvector maps the groups from Keycloak to it’s internal admin and reader groups.

Keycloak Group	Mapped Neuvector Group
Admin	admin
Auditor	reader

Keycloak

Note

All groups are under the Uds Core parent group. Frequently a group will be referred to as Uds Core/Admin or Uds Core/Auditor. In the Keycloak UI this requires an additional click to get down to the sub groups.

Identity Providers ( IDP )

UDS Core ships with a templated Google SAML IDP, more documentation to configure the realmInitEnv values in uds-identity-config.

Alternatively, the realmInitEnv can be configured via bundle overrides like in the k3d-standard-bundle.

Configuring your own IDP can be achieved via:

• Custom uds-identity-config with a templated realm.json

• Keycloak Admin UI and click ops

• Custom realm.json for direct import in Keycloak