User administration
User accounts are managed by Keycloak which offers a web interface for managing users. It can be used to manage both technical and non-technical users.
Accessing the Keycloak admin console
Find out your Keycloak admin URL
Click the ‘My account’ button on the website, and then ‘Edit account information’ to find the base URL of your authentication server.
This is often something like authentication.<website-url.org>
(followed by further /
s).
Combine the ‘base url’ (just up to the .com
, .org
, etc) with admin/master/console/
. The end result may look something like:
And navigate to this URL.
Log in
Use the Keycloak admin password that you have configured previously
Ensure you’re using the right realm
The Loculus-specific users are stored in the loculus
realm which can be selected in the selection box in the left navigation bar.
How to create users
- Go to ‘Users’ on the left-hand menu
- Click ‘Add user’ button
- Add the username
- Note that new users cannot have the same emails as existing users
- Go to ‘Credentials’ and ‘Set password’
- Set a password and leave ‘temporary’ on, which forces them to set a new one on log-in
Superusers/curators
Superusers have the privilege to submit, revise, revoke and approve sequences on behalf of other groups. This role is envisioned to be assigned to curators.
- Click on ‘Users’ on the left-hand menu
- Click on the user you want and go to ‘Role mapping’
- Click ‘Assign role’ button
- Tick
super_user
- Click ‘Assign’
You can similarly unassign a role by selecting it from the current roles of the user, and clicking ‘Unassign’ (next to the ‘Assign role’ button)
Processing pipeline
The processing pipeline requires a technical user to authenticate with the Loculus API. To create a new technical user, you can use the usual user registration form on the website. Afterwards, go to the Keycloak admin console, click on “Users” in the left navigation bar, select the user, click on “Role Mappings” and assign the preprocessing_pipeline
role.