I need to implement a user hierarchy using Keycloak, and I was wondering if someone has done it before or perhaps can give me some pointers on different ways.

In our scenario we have

  • a single application to protect with OpenID Connect
  • 1 single super-admin (realm admin)
  • many team admins (created by the super admin) who can only administer users who belong to the same team as themselves
  • ordinary users who belong to a given team and are created by the team admin

Is there a way to achieve this using Keycloak's authorization?

Shall I build a custom REST endpoint in Keycloak to implement this?

Shall I create groups / teams perhaps?

I am not sure what the easiest route is. I would like to implement the easiest solution.

identigral
Istvano
  • Duplicate of https://stackoverflow.com/questions/45570215/how-to-properly-do-delegated-user-self-administration-with-keycloak . My 2 cents: Keycloak is not designed for this, at least not at the moment. – identigral Jul 14 '19 at 17:40
  • Hi, thanks for this. I tried but could not find the question. It gave me really good ideas. Thanks – Istvano Jul 28 '19 at 15:55

0 Answers