How to manage users in our company while limiting access to resources (clients)

Hello,

I read tons of posts here and on Stack Overflow, but it looks like I need a little bit of help.

What I want is an answer on how to set up our company system right.

My setup:

Keycloak in Docker behind nginx proxy.

I decided to move away from local accounts on all the tools we use in our company and have a single point where I can manage who can access what and what role is assigned to them inside the app (if this feature is supported by the app).

We use apps like:

  • Mattermost
  • Nextcloud
  • Wiki.Js
  • Wordpress
  • Zammad

I know I can set up the connection to all of them, and I was successful in that, so all Keycloak users can log into their accounts in those services.

What I want to achieve: we have multiple levels of permissions and jobs in our company, plus external workers and collaborating agencies. I want to be able to easily set who can access which client (app). Some apps allow me to select the roles that can log in, or to set permissions based on the roles they get from Keycloak. But some don't, so I want to be able to prevent users from logging into the client unless they are in a group/have a role.

I also need help with user attributes. There are attributes I need to set for nearly all users, but their value changes for each user. For example, for Mattermost to work, I need to set a MattermostId attribute with a unique number on every user. Is there an option to automatically generate this attribute, or at least assign it automatically to every user with a null value and then let me change it for them, so I don't need to copy all the attributes and create them one by one for every new user?

I hope I have explained everything I have and everything I want. I am looking forward to your replies, and I thank you for all your help.
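One way to handle the second question (populating a per-user attribute such as MattermostId for every user who lacks it) is a small script against the Keycloak Admin REST API. This is an added example, not code from the original post or from Keycloak itself. The endpoints it uses are real (the realm token endpoint, `GET /admin/realms/{realm}/users` and `PUT /admin/realms/{realm}/users/{id}`); the assumptions are that the admin account lives in the `master` realm and authenticates through the built-in `admin-cli` client with the password grant, that MattermostId values should be consecutive integers continuing after the largest one already assigned, and that the `SAMPLE_USERS` list used for the offline dry run is constructed data. It does not address the first question (restricting which clients a user may log into).

```python
"""Bulk-populate a Keycloak user attribute via the Admin REST API (added example)."""
import json
import os
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

# A transport takes (method, path, json_body) and returns the parsed JSON (or None).
Transport = Callable[[str, str, Optional[dict]], object]

ATTRIBUTE = "MattermostId"  # attribute name from the post

# Constructed sample data for an offline dry run; not real Keycloak output.
SAMPLE_USERS: List[dict] = [
    {"id": "u1", "username": "alice", "attributes": {"MattermostId": ["7"]}},
    {"id": "u2", "username": "bob", "attributes": {"MattermostId": [""], "department": ["sales"]}},
    {"id": "u3", "username": "carol"},
]


def make_transport(base_url: str, auth_realm: str, username: str, password: str) -> Transport:
    """Get an admin token with the password grant on the built-in admin-cli client
    (assumption: the admin user lives in `auth_realm`, normally `master`)."""
    token_url = f"{base_url}/realms/{auth_realm}/protocol/openid-connect/token"
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": username, "password": password}).encode()
    with urllib.request.urlopen(urllib.request.Request(token_url, data=form)) as resp:
        token = json.load(resp)["access_token"]

    def send(method: str, path: str, body: Optional[dict] = None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method,
                                     headers={"Authorization": f"Bearer {token}",
                                              "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else None
    return send


def fetch_all_users(send: Transport, realm: str, page_size: int = 100) -> List[dict]:
    """Page through GET /admin/realms/{realm}/users; briefRepresentation=false keeps attributes."""
    users: List[dict] = []
    first = 0
    while True:
        page = send("GET", f"/admin/realms/{realm}/users?first={first}&max={page_size}"
                           "&briefRepresentation=false", None)
        if not page:
            break
        users.extend(page)
        first += len(page)
        if len(page) < page_size:
            break
    return users


def next_free_number(users: List[dict], name: str) -> int:
    """Largest numeric value of `name` across all users, plus one (1 if none exist).
    Assumption: the unique number is a plain counter; Mattermost itself is not consulted."""
    best = 0
    for user in users:
        for value in (user.get("attributes") or {}).get(name, []):
            if value.strip().isdigit():
                best = max(best, int(value))
    return best + 1


def plan_updates(users: List[dict], name: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {user_id: full attribute map} for each user with no non-empty `name`.
    Keycloak stores attributes as {name: [values]}, and a PUT that carries `attributes`
    replaces the whole map, so the user's existing attributes are copied into the plan."""
    counter = next_free_number(users, name)
    plan: Dict[str, Dict[str, List[str]]] = {}
    for user in users:
        attrs = {k: list(v) for k, v in (user.get("attributes") or {}).items()}
        if any(v.strip() for v in attrs.get(name, [])):
            continue  # already has a value; leave it alone
        attrs[name] = [str(counter)]
        counter += 1
        plan[user["id"]] = attrs
    return plan


def apply_updates(send: Transport, realm: str, plan: Dict[str, Dict[str, List[str]]]) -> int:
    """PUT each planned attribute map; returns the number of users updated."""
    for user_id, attrs in plan.items():
        send("PUT", f"/admin/realms/{realm}/users/{user_id}", {"attributes": attrs})
    return len(plan)


def sync_attribute(send: Transport, realm: str, name: str) -> int:
    """Fetch users, plan the missing values, write them back."""
    return apply_updates(send, realm, plan_updates(fetch_all_users(send, realm), name))


if __name__ == "__main__":
    # Dry run on constructed data: shows what would be written, sends nothing.
    for uid, attrs in plan_updates(SAMPLE_USERS, ATTRIBUTE).items():
        print(uid, attrs)
    # Real run (hypothetical URL/realm; credentials come from the environment, never hardcoded):
    if os.environ.get("KC_ADMIN_PASSWORD"):
        send = make_transport("https://sso.example.internal", "master",
                              os.environ.get("KC_ADMIN_USER", "admin"), os.environ["KC_ADMIN_PASSWORD"])
        print("updated", sync_attribute(send, "company", ATTRIBUTE), "users")
```

Two caveats a practitioner would want before running this against a live realm: the script only fills in users that have no value, so a number typed by hand in the admin console is never overwritten; and on Keycloak 24 and later the attribute has to be declared in the realm's User Profile (or unmanaged attributes enabled), otherwise the PUT silently drops it. The dry run on the constructed sample assigns 8 to bob (empty value) and 9 to carol (no attribute) while leaving alice's 7 untouched.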