Create (import) "clean" realm over Admin REST API

Hi all,

I want to use the Admin REST API to automatically create (import) realms for a multi-tenant scenario. For this I created a small JSON template with only the necessary roles, clients, etc.

But after I successfully imported this realm into Keycloak, all the default Keycloak roles and clients are also there. But I don’t need them. (The accounts client for example).

Is there any way to tell the admin API not to generate the default objects? Or to exclude some of them?

Are there any best practices when creating realms automatically?

In my opinion, it should be a good idea to delete/disable unneeded clients/roles to minimize entry points for attackers and to minimize error sources or unwanted behaviors.

Thanks in advance!

You can delete what you don’t want using the Admin API, but there is currently no mechanism to force it not to created the default objects you want. Also note that there are assumptions in Keycloak about having the accounts client present, and you should not delete it.