Manage Users

This page explains how to manage users in kdb Insights Enterprise, including how to create users, assign roles and groups, reset passwords, and more.

Users are entities that are able to log into your system. They can be assigned group membership for use with entitlements and have specific roles assigned to them.

Creating users

UI

CLI

  1. Log into the administration console.

  2. Choose the target realm ($REALM_NAME) from the top-left realm drop-down.

  3. Click Users in the menu.

  4. Click Add User.

  5. Enter the details for the new user.

  6. Click Save.

  7. Give the user credentials:

    1. Click the Credentials tab

    2. Click Set password

    3. Choose a password and leave Temporary set to on

    4. Click Save

    5. Confirm by clicking on Save password

Warning

Ensure you select the correct realm ($REALM_NAME) as the UI defaults to the Master realm on login.

Use kxi user to create a new user.

bash

Copy 
kxi user create $USERNAME \
 --email $EMAIL \
 --password $PASSWORD \
 --temporary

Replace the following:

  • $USERNAME: Username for the new user.

  • $EMAIL: Email for the new user.

  • $PASSWORD: Password for the new user.

Note

The user is asked to reset their password on first login when the --temporary flag is set

Assigning roles

UI

CLI

Assign roles to a user through the Role Mappings tab for that user.

  1. Log into the administration console.

  2. Click Users in the menu.

  3. Click the user that you want to add the roles to.

  4. Click the Role mappings tab.

  5. Click Assign role.

  6. Select the role you want to assign to the user from the dialog.

  7. Click Assign.

Use kxi user to assign roles.

bash

Copy 
kxi user assign-roles $USERNAME --roles $ROLES

Replace the following:

  • $USERNAME: Username to assign roles to.

  • $ROLES: Comma-separated list of roles to assign.

Note

View available roles with kxi user get-available-roles

Assigning groups

Refer to Assigning groups to a user for details on how to assign a group to a user.

Password resets

UI

CLI

You can reset passwords via the administration console.

  1. Log into the administration console.

  2. Click Users in the menu.

  3. Click the user whose password you want to reset.

  4. Click the Credentials tab.

  5. Enter a new password.

  6. Click Reset Password.

Use kxi user to reset a user's password.

bash

Copy 
kxi user reset-password $USERNAME --password $PASSWORD

Replace the following:

  • $USERNAME: Username to reset password for.

  • $PASSWORD: New password for the user.

Forgotten passwords

The application can provide password reset functionality via email if the realm is configured with an email server.

  1. Log into the administration console.

  2. Click Realm settings in the menu.

  3. Click the Login tab.

  4. Toggle Forgot password to ON.

A 'Forgot password?' link is now be displayed on the login screen.

Identity brokering

To use an identity provider other than Keycloak to authenticate users, configure this under Identity Providers in the menu.

The setup for this varies depending on the type of identity provider.

Refer to Keycloak Identity Brokering to read more for your specific use case.

Note

A user that authenticates via a different identity provider than Keycloak must log in at least once before roles can be assigned to them.

Tip

If an identity provider is configured but you can't see it on the login screen, ensure you are getting redirected to the correct login page: https://${INSIGHTS_HOSTNAME}/auth/admin/${REALM_NAME}/console/