Keycloak: Creating a New User

In this tutorial, you will learn how to create a new Keycloak authorization server user.

For video lessons on how to secure your Spring Boot application with OAuth 2.0 and Spring Security 5, please check out my complete video course, OAuth 2.0 in Spring Boot applications.

To be able to follow this tutorial, you will need to have Keycloak installed and running. To learn how to download and install a standalone Keycloak server, please read the following tutorial first.

You might also be interested to check other Keycloak tutorials.

Creating an Initial Admin User

When you start the Keycloak server for the very first time, there will be no default username and password you can use to access the server. You will need to create an initial admin user to be able to log in.

Note: The initial admin user should not be used by the applications that you create and register with this server. You will use the initial admin user to log in to your server for the first time and to create new realms, new applications, and new users. Later in this tutorial, you will also learn how to create a new realm and new users for that realm.

There are a couple of ways to create an initial admin user.

  1. Create an initial user using the Administration page in the browser window,
  2. Create an initial user using the command line.

Creating an initial user in the browser

http://localhost:8080/auth

Use the form in the Administration Console section to create an initial user. At the time of writing this tutorial, the form to create an initial user looks like the one in the image below.

Keycloak: Create an Initial User

Creating an initial user using a command line

To create an initial user in the master realm using the command line, open a terminal window and change directory into the Keycloak directory. Then issue the following command:

bin/add-user-keycloak.sh -r master -u <username> -p <password>

Once you create an initial user, you should be able to log in to the Keycloak server's master realm.

Note: It is recommended that you do not use the master realm to manage the users and applications in your organization. Reserve the master realm for an admin user. For each new application and its users, create a separate realm.

Create a New Realm

The realm is like a tenant in the Keycloak server.

To create a new realm,

  • Sign in with an admin user into the admin realm using the following URL: http://localhost:8080/auth/admin
  • Look for the Master drop-down menu and click on the Add realm button,
  • Type in a name for the new realm and click on the Create button.

Create new Realm in Keycloak server

Once the new realm is created, you will be automatically switched to the new realm. You can then start creating new users in it.

Creating a New User

Once you have a new realm created, you can quickly create a new user in it using the command line.

bin/add-user-keycloak.sh -r <realm-name> -u <new user name> -p <new user password>

Alternatively, you can create new users in the browser window.

  1. Open http://localhost:8080/auth/admin, or open http://localhost:8080/auth and then navigate to the Administration Console,
  2. Sign in with your Admin username and password,
  3. Switch to the realm you need,
  4. From the left side navigation menu, select the Users section,
  5. Create a new user.

Create new user in Keycloak

Make User Verify Their Email Address

When creating a new user, you might want to specify that this new user needs to verify their email address.

Verify email address

Setting User Credentials

As an Admin you can assign a new user their username and password, and specify that these credentials are temporary and that the user will need to change their password.

Set user password
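The two settings above (email verification and a temporary password) can also be applied when a user is created through Keycloak's Admin REST API instead of the console. The Python sketch below is an added example, not code from the original tutorial; it assumes the /auth base URL used above and the built-in admin-cli client, and the realm, user name, and email passed in are placeholders.

```python
import json
import secrets
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8080/auth"  # base URL used throughout this tutorial


def token_request(admin_user, admin_password):
    """Password-grant request for an admin token (master realm, admin-cli client)."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": "admin-cli",
        "username": admin_user,
        "password": admin_password,
    }).encode()
    url = f"{BASE_URL}/realms/master/protocol/openid-connect/token"
    return urllib.request.Request(url, data=form, method="POST")


def new_user_request(realm, username, email, access_token):
    """Build POST /admin/realms/{realm}/users; returns (request, temporary_password)."""
    temp_password = secrets.token_urlsafe(16)  # random one-time password from the OS CSPRNG
    user = {
        "username": username,
        "email": email,
        "enabled": True,
        "emailVerified": False,
        "requiredActions": ["VERIFY_EMAIL"],  # user must confirm the address
        # temporary=True makes Keycloak demand a password change at first login
        "credentials": [{"type": "password", "value": temp_password, "temporary": True}],
    }
    req = urllib.request.Request(
        f"{BASE_URL}/admin/realms/{urllib.parse.quote(realm, safe='')}/users",
        data=json.dumps(user).encode(),
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
        method="POST",
    )
    return req, temp_password


def create_user(realm, username, email, admin_user, admin_password):
    """Send both requests to a running server; urlopen raises HTTPError on failure."""
    with urllib.request.urlopen(token_request(admin_user, admin_password)) as resp:
        token = json.load(resp)["access_token"]
    req, temp_password = new_user_request(realm, username, email, token)
    with urllib.request.urlopen(req) as resp:
        return resp.status, temp_password  # 201 Created on success
```

The temporary password is returned to the caller so it can be handed to the user through a separate channel rather than stored.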

I hope this short tutorial was of some help to you. If you are interested in learning more, have a look at the other Keycloak Server tutorials on this website. There is more to learn.

Happy learning 🙋🏻‍♂️

 
