How to create admin for local realm?

Running version 20.0.1 (not important I think)
So I have everything running: Clients, Groups, Identity provider, but it still escapes me how the procedure is to create a local realm admin. One that can only rule in his (or hers) own realm.

I’m guessing that such users must be created in the Master realm, but how to get the different roles assigned to them like view-user, create-client or any of the other 20ish roles to choose from ???
If I look at possible roles to assign to such a “local admin” I get only 4: admin , create-realm, offline_access and uma_authorization.

It is probably in the documentation, but I don’t seem to find it so a bit of help here would be appreciated.


Create the user within the realm. You’ll add a single role to enable it as an admin

  1. Select Role Mappings for the User,
  2. Select Client-Roles: realm-management
  3. Specify “realm-admin”

Hi Carl,
Thanks, even if your answer was a bit on the cryptic side. So this post just to clarify for others in the same position:

Everything must be done as superadmin in the target realm:

  1. In the navigation panel select “Users”

  2. Click the user you want as local admin

  3. Select Tab “Role Mapping”

  4. Click “Assign Role”

  5. Here comes the tricky part. I believed that the “Filter by realm roles” was a filter to narrow the selection, but it is actually a drop-down menu. Click it and select “Filter by clients”.

  6. Select the “realm-admin” with tag “realm-management”

So thanks again Carl. Obviously you know your way around Keycloak, but some of us are just getting there. But knowing that the option was in fact available was the kicker.


NP. My instructions were accurate, but for the older admin UI. Your post is good for the new one.

1 Like