In OPEA v1.2 release, Keycloak-based access management is integrated into GenAI Studio to enable multi-user tenancy. This allows admins to perform access control actions effieciently over Studio users, while users can manage their own workflows securely.
Overall, admins can perform the following actions in the admin console:
- Manage Studio users with Create, Read, Update, and Delete (CRUD) operations.
- Configure URLs for redirections.
- Apply an OPEA-based theme to the admin console and login pages.
The Keycloak microservice is included as part of the GenAI Studio setup. You can review its configurations in the Studio deployment manifest and customize values such as the admin name and admin password. These credentials will be used for the first-time login to the admin console.
To access the admin console, navigate to:
https://<studio_server_ip>:30007/auth/admin/master/console/#/genaistudio
Log in using the first-time credentials set in the Studio deployment manifest (default username: admin, password: admin) After logging in, you will see the following page:
To reset the admin login credentials, navigate to the Account Console from the admin dropdown located in the top-right corner of the page, as higlighted.
-
In the Keycloak Admin Console, you will find a pre-created realm named
genaistudio. Navigate to theClientstab in the left panel, where you will see a client namedgenaistudiowithin this realm. Click on thegenaistudioclient to review its configurations.
-
Under the Settings tab of the
genaistudioclient, you can review the preconfigured URL redirection settings. These settings are configured to work by default and generally do not require modification unless necessary.
-
Navigate to the
Userstab to view the list of registered users. Here, you can modify user information and credentials or click theAdd userbutton to create a new user. (Note: New users can also register themselves via the OPEA GenAI Studio login page.)
-
Enter the basic information for the new user, then click the
Createbutton to create a new user.
-
After creating the user, you will be redirected to the
User Detailspage. Go to theCredentialstab to set a password for the new user.
-
To approve the new user for GenAI Studio access, navigate to the
Groupstab. By default, all newly registered users are assigned to theunauthorized_usergroup. Click theLeavebutton to remove the user from this group.
-
Next, click the
Join Groupbutton, select the appropriate group for the user, and clickJointo confirm.
-
Group Definitions:
- admin: Admin users can view and modify workflows for all users in the studio.
- unauthorized_user: Newly registered users are assigned to this group by default. Unauthorized users cannot access the GenAI Studio.
- user: Regular studio users who have access to all features of the studio but cannot view workflows created by other users.
We have prepared OPEA-based login theme for admin console. To enable it, switch to Keycloak master realm and navigate to Themes tab under Realm settings. Choose opea from the Login theme and Admin theme dropdowns. Click on Save button to apply the changes.
After reloading the page, the new theme will be applied to the genaistudio realm.
The OPEA theme will also replace Keycloak's default theme on the admin console login page.
