Manually Managing and Activating Users

keycloak login temporary password reset password

Manually Managing and Activating Users#

AMD Resource Manager is optimized to support user management where users are federated via an identity provider (IDP) through SSO (single sign-on) or the user management workflow is orchestrated by the AMD Resource Manager user interface. For routine user management, use the AMD Resource Manager UI to invite users, which supports both email-based invitations (with SMTP) and temporary password-based invitations (without SMTP).

Updating the Email Domains for Organization#

If you are managing users for your installation, it is likely that the default email domain(s) configured for the organization will need to be updated. Only users with email addresses matching the configured domain(s) can be invited to the platform.

To update the email domains for your organization, you’ll need to access the Keycloak admin console:

  • The URL of the Keycloak instance for your application, and corresponding admin credentials are known.

    • The Keycloak URL is typically https://kc.<domain provided during installation>/admin/master/console/

    • The Keycloak credentials should be provided to you by AMD’s customer success team during installation.

  • Once you have logged into Keycloak, the correct realm must be selected (typically airm) as all actions are realm-specific.

  1. Navigate to the Organizations tab in Keycloak.

  2. Select the pre-configured organization.

  3. Adjust the Domain of the organization to reflect the email domain(s) associated with your organization (e.g. myorg.com and myorg.org).

  4. If you are intending to support users from multiple domains in the platform, add a row for each of the email domains.

Resetting User Passwords in Keycloak#

If an administrator forgets a temporary password they set for a user, or if a user needs an emergency password reset, you can reset the password directly in Keycloak:

  1. Navigate to Users in the Keycloak realm.

  2. Search for and select the user whose password needs to be reset.

  3. Click on the Credentials tab.

  4. Click Reset Password or Set Password.

  5. Enter the new password.

    • Password requirements: Between 8 and 256 characters, no leading or trailing spaces

  6. Check the Temporary checkbox to ensure the user is required to change their password on first login.

  7. Click Save.

  8. Communicate the new temporary password to the user through a secure channel.

AMD Resource Manager UI#

Once the user has logged in, you can manage their access to projects and permissions via the user interface. As a platform administrator, you can find the new in user in the Users tab. Select the user and adjust their roles (if needed) and/or add them to the desired projects as described in the AMD Resource Manager user guide.

If either the roles of the user, or the projects that the user has access to has changed, they will need to log out and log back in to see the changes.