AW Users
Add Adventure Works users ..
Add AW Users
In this hands-on workshop, you'll learn how to create test users in Keycloak to validate your identity federation and community setup between Keycloak and PDC. We'll walk through adding Adventure Works employees across different organizational roles, setting up their credentials, and preparing them for group membership assignment that demonstrates the complete WHO + WHAT identity governance pipeline.
By the end of this workshop, you will be able to:
Create enterprise users in Keycloak with proper organizational context
Configure user credentials and authentication settings for testing scenarios
Understand the difference between test user creation and production directory synchronization
Prepare users for group membership assignment and role inheritance testing
Establish realistic test scenarios that mirror production organizational structures
Validate identity federation workflows with representative user personas
Create the foundation for testing data governance access controls
Workshop Test Users: You'll create six key Adventure Works employees representing different organizational functions:
Sarah Johnson - Sales Analyst (sales data access testing)
Michael Chen - HR Specialist (employee data governance testing)
Elena Rodriguez - Data Steward (cross-domain governance testing)
David Park - Compliance Officer (regulatory oversight testing)
James Lock - System Administrator (full administrative access testing)
Hugo Reilly - Database Administrator (data source testing)
Production Note: In real enterprise environments, these users would automatically synchronize from your corporate directory (Active Directory/LDAP) rather than manual creation, but this workshop demonstrates the complete user lifecycle for testing and validation purposes.
This workshop establishes the user foundation needed to test your complete identity federation setup, ensuring that organizational roles properly translate into data access permissions through the Keycloak-to-PDC integration.
Log into Keycloak:
Username: admin
Password: admin
Ensure you select the Pentaho Data Catalog Realm.
Select: Users > Add User
Enter the following details to add AW users:
Complete the next steps - Credentials & Groups - to complete User profile:
Credentials
Credentials serve as the primary mechanism for verifying user identity. Keycloak supports various credential types (passwords, OTP tokens, certificates, WebAuthn) that ensure only authorized users can access protected resources.
Select: Credentials tab.
Set password Welcome123!
Ensure Temporary is Off.
Save.
Test that you can log into Data Catalog.
All new users will will be assigned the default-roles-pdc role with limited access.
Groups & Inheritance
in Keycloak, group membership is not automatically inherited upward through the group hierarchy. If you add a user to the deepest child group, they will only be a direct member of that specific group.
However, the user will inherit all the roles and attributes that are assigned to the parent groups in the hierarchy. So while they won't show up as explicit members of the main group and first child group, they will effectively have all the permissions and attributes from those parent groups.
Group Membership:
User is only a direct member of the deepest child group
User does not appear in the member lists of parent groups
Role/Attribute Inheritance:
User inherits all roles assigned to the deepest child group
User also inherits all roles assigned to the parent child group
User also inherits all roles assigned to the main group
Just select the child group
sarah.johnson
Sales_Division
Sales_Analysts
michael.chen
HR_Division
HR_Specialists
elena.rodriguez
Data_Governance
Data_Stewards
david.park
Data_Governance
Compliance_Officers
james.lock
IT_Operations
System_Administors
Select: Groups tab.
Click: Join Group
Click: Join
Repeat for the other Users - see table above.
Last updated
Was this helpful?