Using Keycloak admin APIs without using master realm user details

I wanted to modify the group attributes in a particular realm using keycloak APIs. How can I dot it, without creating a new user/existing user credentials as part of master realm.

Any user with the manage-groups role in that realm will be able to use the Admin API to modify group attributes.

1 Like

@xgp isn’t manage-group role available only in master realm. If I don’t have access to master realm, then what will I do?

No. It’s in the realm-management client roles. Go into the user in that realm you want to grant the role. select realm-management from the “Client roles” dropdown". Select manage-users (sorry, there is no manage-groups, but you need manage-users in order to modify groups).

1 Like

@xgp this approach works. Another approach I found is using a client credential as grant-type with a Service account will also give me access to generating tokens