...

In the EWC, each tenant has its own unique Realm, created during the on-boarding process.

Users

A User in Keycloak is anyone who needs to access the EWC services. Users have unique identities (like usernames and passwords) that they use to log in. Users are unique within a single tenancy. Users having access to multiple EWC tenancies have a dedicated account in the IAM of each tenancy.

Roles

Roles define what actions users or groups of users can perform within the EWC IAM and the connected clients (applications and services). Roles come with certain responsibilities and permissions. For example, an "Admin" role might have permissions to manage other users and configure settings.

The EWC IAM has a set of predefined roles available. Tenant admins can create additional roles if their specific use cases require them.

Client Applications

Clients in Keycloak represent applications and services that EWC users access using their IAM credentials. Each client has its own settings and permissions.

The EWC IAM supports two kinds of client endpoints:

  • Single tenant endpoint - clients (applications) dedicated to a given EWC tenancy connect to this endpoint. The endpoint allows only users from the given tenancy to log in to the connected client.
  • Multi-tenant endpoint - shared EWC services generally use this endpoint. Users log in to these services using a two-step login process in which they first specify their tenancy and then enter their credentials.

Advanced Concepts

Identity Providers

...