User Management

Overview

The User Management panel provides Keycloak administrators with the ability to view and manage platform users. This feature displays comprehensive user information including usernames, names, emails, assigned groups, and roles. It enables administrators to maintain proper access control by managing user role assignments through integration with Keycloak's admin console.

Access & Location

Route: ?panel=users
Navigation: Admin → User Management
Access Requirements:
- keycloak-admin role (required)
- Only visible to users with Keycloak administrator privileges
Feature Flags: None

Key Capabilities

View User Information

Display a comprehensive list of all users in the Keycloak realm with their profile information, group memberships, and assigned roles. The table provides a searchable, paginated interface for easy navigation through the user base.

Search Users

Filter the user list by username using the built-in search functionality. The search performs real-time filtering on the username field, making it easy to locate specific users in large organizations.

Manage User Roles

Access Keycloak's role management interface directly from the dashboard to assign or modify roles for specific users. This action opens the Keycloak admin console in a new tab, providing full role management capabilities.

User Interface

Main View

The main panel displays a data grid table with the following information:

Username: The user's login identifier
Name: The user's full name (first and last name combined)
Email: The user's email address
Groups: Visual chips displaying all groups the user belongs to
Roles: Visual chips displaying all roles assigned to the user
Actions: A dropdown menu with available management actions

The table includes:

Client-side pagination (10 users per page)
Search toolbar with filter icon
Sortable columns
Pinned actions column on the right side

Located at the top of the data grid, the search toolbar includes:

Filter icon indicator
Text input field with placeholder "Enter property value"
Clear button (X icon) to reset search
Real-time filtering as you type

Each user row includes an "Actions" dropdown button that provides:

Add Role: Opens the Keycloak admin console role-mapping page for the specific user in a new browser tab
- Only enabled for users with manage-users and query-users roles
- Disabled with tooltip "Keycloak Admin or owner only" for unauthorized users

Technical Details

GraphQL Operations

Queries:

getKeycloakUsers - Retrieves all user information from Keycloak including usernames, names, emails, groups, and roles

Mutations: None - Role management is performed through Keycloak's native admin interface

Subscriptions: None

Component Structure

Main Component: components/KeycloakUsers/KeycloakUsersPanel.tsx
Table Component: components/KeycloakUsers/KeycloakUsersTable.tsx
Actions Menu: components/KeycloakUsers/KeycloakUsersActionMenu.tsx
Hook: hooks/useKeycloakUsers.ts

Access Control

The panel uses multiple layers of access control:

Panel visibility: Only shown when isKeycloakAdmin is true (checked in PanelWindow.tsx)
Navigation visibility: Only appears in Admin navigation group when user has keycloak-admin role (checked in PanelNav.tsx)
Action permissions: Role management actions require both manage-users and query-users roles, stored in KeycloakRBACContext as userRBAC[2]

Keycloak Integration

The component integrates with Keycloak through:

Authentication: Uses Keycloak token for GraphQL API authentication
Data Fetching: Queries Keycloak user data via GraphQL backend
Role Management: Deep links to Keycloak admin console for role assignments
Context: Leverages KeycloakContext for protocol, domain, and realm information

URL Construction

Role management links are constructed using the format:

{protocol}://{kcDomain}/auth/admin/{realm}/console/#/{realm}/users/{userId}/role-mapping

Common Workflows

View All Users

Navigate to Admin → User Management from the sidebar
The panel loads and displays all users in a paginated table
Scroll through pages to view additional users (10 per page)

Search for a Specific User

Open the User Management panel
Click in the search field at the top of the table
Type the username you're looking for
The table filters in real-time to show matching users
Click the X button to clear the search and show all users

Add Roles to a User

Locate the user in the table (use search if needed)
Click the "Actions" dropdown button in the user's row
Select "Add Role" from the menu
Keycloak admin console opens in a new tab at the role-mapping page
Use Keycloak's interface to assign or remove roles
Return to the dashboard (changes will be reflected on next data refresh)

Billing Projects - Manage project-based resource allocation
Authorization Policies - Configure service-level access policies
Service Accounts - Manage non-human authentication credentials

Notes & Tips

The search functionality only filters by username, not by name, email, groups, or roles
Role assignments are performed through Keycloak's native interface, not directly in the dashboard
The panel automatically refetches user data when opened
Users with keycloak-admin role can see this panel, but need additional manage-users and query-users roles to perform role management actions
The data grid shows roles and groups as visual chips for easy scanning
All role management actions open in a new browser tab to maintain dashboard state
Client-side pagination means all user data is loaded at once (suitable for moderate user bases)

User Management

Overview​

Access & Location​

Key Capabilities​

View User Information​

Search Users​

Manage User Roles​

User Interface​

Main View​

Search Toolbar​

Actions Menu​

Technical Details​

GraphQL Operations​

Component Structure​

Access Control​

Keycloak Integration​

URL Construction​

Common Workflows​

View All Users​

Search for a Specific User​

Add Roles to a User​

Related Features​

Notes & Tips​