Skip to main content
Skip table of contents

User management Keycloak (IAM)

A Keycloak system is located behind the normal Authorization Concept of JUMO smartWARE SCADA, which takes over cross-user management as IAM.

At the start, only the "root" user is available

Access to the Keycloak administration console

  1. Enter SCADA-URL into the web browser with the ending /auth: https://Hostname/auth/

  2. Click on "Administration Console"

  3. Log in with user = "root" and password = root password

Creating additional users and view all users

  1. Manage → Users → Add user

  2. The following entries are necessary and subsequently confirmed with "save":

    1. User name

    2. First Name (optional: but useful to find the user in central administration again)

    3. User Enabled → ON

    4. Email Verified → ON

  3. Allocate password

    1. Allocate password under "Credentials" and confirm with "Set Password"

    2. Under "Temporary" → OFF (i.e. the user is not asked again to change password)

  4. Checking whether or not the user was created:

    1. Users → View all users

It is always helpful to hover over the question marks within Keycloak to get additional information.

"Single Sign On" concept: One user name and one password for all applications

Linking SCADA user management with a company-own user management

  1. Go to "Add provider" in the Keycloak console and make a selection under "User Federation":

    1. Option 1: LDAP connection

    2. Option 2: Kerberos

  2. Subsequently, provide all necessary and desired settings

  3. Afterwards, every user within the set provider can access the SCADA application with a known user name and password.

Changing log-in settings

  • User Registration → Here you can set that users must register in order to access the SCADA application.

  • Edit user name → Off

  • Forgot password → If this function is active and an email server is set up in Keycloak, the forgotten password function can be used.

Set up email server for verification

This is required, for example, if the forgotten password or email verification function is to be used. Generally, if the Keycloak console is to send mails.

Setting safety and password guidelines

Security and password policies can be set under these sections:

Changing token settings

Here you can set, among other things, how long the session remains active in the browser before the system automatically logs you out and prompts you to log in again: "Access Token Lifespan For Implicit Flow".

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.