Summary
Local authentication (users defined directly in Keycloak) is enabled by default. CAST provides a predefined local user called "admin" with the password "admin" and the "admin" and "dashboard_admin" roles.
Change admin user password
The "admin" user has access to everything (all applications, Admin Center, embedded Dashboards (all applications) etc.). You can use this user without any further changes, however, CAST highly recommends changing the password for this user. To do so, click Users > View all users:
Click Edit next to the predefined admin user:
Click the Credentials tab and set a password for this predefined admin user:
If you do not need to configure any other users, this is all you need to do and you can login with this user as explained in Initial login to AIP Console - v. 2.x.
Add an additional local user
If you need to add any additional local users, click Users > Add user:
Fill in the required fields - in the example below, a new user called "new_user" has been added:
Now click the Credentials tab and set a password for your new user:
Now click the Role Mappings tab where you can assign roles to the user:
- either the admin or application_owner role to access Console (admin grants full rights to everything, application_owner grants only rights to access the user's own applications and not the Admin Center).
- any one of the Dashboard roles as discussed here:
- dashboards_admin
- dashboards_exclusion_manager
- dashboards_quality_automation_manager
- dashboards_quality_manager
Note that users assigned the application_owner role will not be able to view applications created by other users. To allow them to do so, you will need to assign them the resource level resource owner role in Console itself, see Administration Center - Security - User Roles.
That's it, the configuration is complete for local authentication.
