Norwegian version of this page

Create and manage a WebID group

 

WebID uses local users in Keycloak and users are can't create and manage their own groups, this must be done by the IT Department. 

This is a guide on how to create and manage a new WebID-group.

Accessing the administration interface in Keycloak

The first time you log in

To manage groups in Keycloak your -drift user has to be a member of the group  it-usit-weblogin-gjest-admin. If you are not a member and need access, contact USITINT ukevakt.

To access the administration interface of Keycloak you must have local two-factor authentication enabled for your -drift user. You can do this on passord.uio.no

Bildet kan inneholde: rektangel, font, parallell, skjermdump.
Choose Two-factor authentication on passord.uio.no.
Bildet kan inneholde: font, parallell, skjermdump, rektangel.
Log in with ID-porten to configure Local two-factor authentication

If you are able to download the drifts-vdi client to your local machine that is recommended.

Log in to the drifts-vdi with you -drift user

Start the client, or access it through your browser at https://view-mgmt.uio.no/. Acessing through the browser:

1. Go to  https://view-mgmt.uio.no/

2. Choose VMware Horizon HTML Access 

skjermbilde av innlogging drifts-vdi.

3. You will be sent to a login window. Fill out the username of your -drift user in the username field, then provide the local two-factor authentication code in the field "One-Time Code". This is the local two-factor authentication set up at passord.uio.no.

Tip: If the current code is about to run out, wait for a new one to appear. Even if you are able to fill inn the code before it expires, it might fail if there is not enough time for the application to verify it. 

skjermbilde av f?rste innlogging med lokal tofaktor

4. You will be presented with a new login window. Fill in your -drift users username and password.

skjermbilde av del to av innlogging p? drifts-vdi

5. After acessing the drifts-vdi, choose your preferred client. The examples use "Linux Drift UiO-IT".

Skjermbilde av n?r man er innlogget i driftsvdi og klienter man kan velge mellom

6. You are now using drifts-VDI! Start a browser e.g. Firefox. If you can't find a browser to access, press 'Activities' in the upper left corner, or search for Firefox in the search field.

You can now log in to the administration interface in Keycloak.

Log in to Keycloak inside a drifts-vdi

1. In the browser ; go to admin.weblogin2.uio.no and log in with your -drift user. You will be asked to log in with two-factor authentication. When you log in to Keycloak for the first time you will have to set up two-factor authentication spesificly for Keycloak, so follow the instructions given. (This is not the same two-factor authentication as the previously mentioned local 2FA which is set up on passord.uio.no)

Skjermbilde av innloggingsvinduet til Keycloak admin

2. If you are not sent directly to the group administration page, choose WebID Group Admin in the drop-down menu to the left.

Skjermbilde som viser hvordan du velger gruppeadmin hvis du ikke kommer riktig med en gang

3. You should now be able to see "Users" and "Groups" in the menu to the left. You are ready to administer WebID-groups!

skjermbilde av grensesnittet til keycloak

Manage groups in Keycloak

To manage groups in Keycloak, log in as described above.

Create a group

1. Choose "Groups" in the menu to the left. You will be presented with a list of already created groups.

Skjermbilde av venstremenyen til Keycloak, hvor man kan velge mellom administrere "Users" og "Groups".

2. Check the provided list to make sure the group you want to make does not already exist.

3. Press "Create Group" to create a new group. Only use letters, numbers and hyphens.

Skjermbilde som viser knapp for ? opprette ny gruppe.

4. A new window will appear. Here you enter the name you want your group to have, and then press "Create".

Note: After creating the group, you will have to add a member as soon as possible, as the group will be deleted if there are no members.

Skjermbilde av popup-dialog ved opprettelse av ny gruppe.

Users that can be added to groups in Keycloak

There are three types of users that can be added to WebID-groups:

  1. WebID-users. These users have registered as WebID-users, see brukerveiledning for ? opprette en ny WebID-bruker
  2. UiO-users.
  3. Feide-users. These users must have logged in with Weblogin2 to be searchable, and to be added to groups.

Add users to a group

1. Click Groups in the menu to the left in Keycloak.

Bildet kan inneholde: font, elektronisk apparat, multimedia, skjermdump, duppeditt.

2. Find the group you want in the list of available groups and click it. Go to the tab called 'Members'.

skjermbilde av gruppeadmin med members-fanen.

3. Click 'Add members' and find the user in the list provided. You can use the search field to find the correct username.

skjermbilde som viser grensesnittet som lister opp brukere

5. Tick the boxes for the user(s) you want to add to the group, and then press the 'Add'-button.  

Note: The first time you attempt to add a user in a new group, you will get the error message "Could not add users to the group". Ignore this error, and press the 'Add'-button again.

Skjermbilde av feilmelding man f?r f?rste gang man legger til en bruker i en ny gruppe.

Remove users from a group

1. Click Groups in the menu to the left in Keycloak.

Bildet kan inneholde: font, elektronisk apparat, multimedia, skjermdump, duppeditt.

2. Find the group you want to remove user(s) from. Go to the tab 'Members', and then find the user(s). Press the button with three dots at the far right of the user, and click the 'Leave'-button. The user(s) should now be removed from the group.

Change the name of a group

It is not possible currently to change the name of your group. If there is an error in the naming of the group you will have to create a new one instead.

Delete a group

It is not yet possible to delete a group in Keycloak.

Published July 12, 2024 3:43 PM - Last modified Jan. 27, 2025 4:42 PM
E-mail this page