I'm using symfony2 and SonataAdminBundle. I have user management in two categories. I have created a group named User Management. Is it possible to create 2 subgroups inside the User Management group with the 2 categories in sonata admin?
Related
We have a system that utilizes different tenants, where users can be part of one or multiple tenants. You can imagine it as one application, where users can switch between the tenants and see assets related to the selected tenantId.
Our exernal KeyCloak adviser proposes to use one realm und reflect different tenants as clients in KeyCloak.
I´ve read on different sources, that it is not adviced to use multi tenancy with one realm, though i am not 100% sure if it applies for our usecase.
Additionaly we will need to have different groups on the same user, depending on the tenantId.
For example a user could have Group A and B on tenant 1 but only Group B on tenant 2. This doesnt seem to be possible out of box with KeyCloak.
Which general approach would you suggest?
I am looking for best recommended approach to create / manage users with organization name and id in Keycloak ( through a html form )
I read following documentation but cannot find a straight forward way to manage users there with organization name and Org id.
https://www.keycloak.org/docs/latest/authorization_services/
The approach that i used was using a custom attributes but i am not sure if that is the recommened approach or not.
Step-1, For every user create a custom attribute "OrgId" with value unique to that organization lets say 1.
Step-2, For the Client, that the user belongs to, define a protocol mapper "OrgId"
Step-3, Create a table for Organziation into our system, add an Organization entry there when first user for that organization is created.
Problem i am trying to solve: We need to keep track of various actions that users belongs to an organization is doing, such as we need to keep track which organization bought what type of products from our system
Is there a way for all users to create custom users attribute in keycloak (like phone number)?
You can create a group and add an attribute to it.
Then set that group as default group. This way the attribute set to the group is available to all the users
I have configured Keycloak with user self-registration. The keycloak instance will hold users of multiple customers which I plan to put into groups (so each customer can have admins that can manage these users through fine-grained permissions).
To map users that are self-registering to appropriate groups (using their email address, e.g.) I'd like to put them in their default group upon registering. Is this possible using either configuration or implementing an SPI? Or are there other possibilities to achieve a similar behavior?
I'm using Typo3 6.2 and I have added a user account (backend user). When I now login with this new user I get the error message "no module found". When I login again with my admin account everything is fine. How can I fix this?
You have probably created an unprivileged user (editor). You need to explicitely give users access to
Backend modules
Subtrees of the page tree
Folders
Tables
and so on.
To do that, you usually create a backend user group, set the permissions for this group, and assign it to the user.
You can create the group either on the root page (id 0) as record or in the user management module, where you assign the groups to users.
There are two functionalities two make pages visible for users/groups:
You need to add the root of the subtree a groups should be able to use to the group as a mount point.
You need to give the group the right to view/edit/delete/update the pages. You can do that as admin in the "Access"-module. It's similar to the Unix owner/group concept.