Skip to content

User Groups

UDS Core deploys Keycloak which has some preconfigured groups that applications inherit from SSO and IDP configurations.

Applications

Grafana

Grafana maps the groups from Keycloak to it’s internal Admin and Viewer groups.

Keycloak GroupMapped Grafana Group
AdminAdmin
AuditorViewer

If a user doesn’t belong to either of these Keycloak groups the user will be unauthorized when accessing Grafana.

Neuvector

Neuvector maps the groups from Keycloak to it’s internal admin and reader groups.

Keycloak GroupMapped Neuvector Group
Adminadmin
Auditorreader

Keycloak

Identity Providers ( IDP )

UDS Core ships with a templated Google SAML IDP, more documentation to configure the realmInitEnv values in uds-identity-config.

Alternatively, the realmInitEnv can be configured via bundle overrides like in the k3d-standard-bundle.

Configuring your own IDP can be achieved via:

  • Custom uds-identity-config with a templated realm.json

  • Keycloak Admin UI and click ops

  • Custom realm.json for direct import in Keycloak