Summary: this page explains how to login to Keycloak and configure your authentication method and user roles.


Before you start using Console, you will need to configure your authentication method and assign roles to users. To do so, connect to Keycloak which manages authentication:


Click the Administration Console option:

The default login credentials are admin/admin unless these have been modified as part of the deployment process. When logged in, you now have a choice depending on your how you want to authenticate as listed below.

These credentials are specific to Keycloak and not Console. You can change the default password if required, post installation, using the following URL:


Enabling and configuring a new authentication mode will NOT disable any existing authentication modes configured in Keycloak. Therefore, CAST highly recommends that you disable all existing authentication methods before adding a new one: in most cases this will involve disabling or deleting the "local" users provided with CAST Console or any that you have created yourself:

Click to enlarge

Local authentication managed by Keycloak

See Keycloak - Local Authentication.

LDAP authentication

See Keycloak - LDAP.

SAML authentication

See Keycloak - SAML.