This documentation is for Dash Enterprise.
Dash Enterprise is the fastest way to write & deploy Dash apps and
10% of the Fortune 500 uses Dash Enterprise to productionize AI and
data science apps. Find out if your company is using Dash Enterprise.
This page applies to Dash Enterprise 5. If your organization uses Dash Enterprise 4, view information about user management at Admin Portal Reference.
To get the most out of this page, make sure you’ve read Using Keycloak.
With native Keycloak authentication, user information is stored in the Keycloak database and Keycloak acts as your identity provider. Your users log in and out through Keycloak.
We’ll help get you started by pointing out some important settings you may want to adjust and going over user management basics. We recommend reading the Keycloak documentation for a broader view of everything you can configure.
Make sure you’re in the Dash realm, and then select Realm Settings.
Realm-level settings are displayed.
Go to Login to review settings related to user login.
Review the default settings and make any adjustments as you see fit for your organization. If you choose to not allow user registration, you’ll need to manually create users.
Note that if you are turning on Forgot password and Verify email, you’ll need to provide information about your email server in the Email settings.
In the left sidebar, go to Authentication.
In Required Actions, you can customize what users are required to do before they can log in. To enforce a required action for all new users, turn on both Enabled and Default Action. Note that you can also set required actions for individual users by going to Users, selecting a user, and then configuring Required User Actions.
For descriptions of the required actions you may want to set, refer to Required Actions in the Keycloak documentation.
Some required actions make more sense depending on whether you turned on User registration in the Login settings:
By default, the Dash realm does not have a password policy. To set one, go to Password Policy. Refer to Password Policy Types in the Keycloak documentation for descriptions of the policy types in the Add policy list.
Groups are a convenient way for administrators to assign roles to many users at once, and for Dash app owners to give all the members of a group app co-ownership or viewer access. If you choose to use nested groups (where parent groups have child groups as members), note that child groups do not automatically inherit app co-ownership and viewer access that an app owner gives to its parent group. For app owners to give app co-ownership or viewer access to a group containing child groups, they need to add each child group. Child groups are displayed in the format “Parent group/child group” in Dash Enterprise.
Tip: If you will be creating users yourself, we recommend setting up any groups you want first in order to easily set the membership at user creation time.
Tip: If you are letting users sign up, consider using default groups to automatically add users to a group when they sign up. Go to Groups > Default Groups; then set one or more of your groups as default. You can change the default groups at any time, so you can work in waves— for example, you can instruct members of the finance department to sign up in a given week with the Finance group set as default, then move on to another team the following week.
You can view, create, edit, and delete groups in the Groups menu.
You can view, create, edit, and delete users in the Users menu.
To create a new user, select Add user; then fill out the user’s information.
Required User Actions is automatically filled with any required actions you set as default in the Authentication settings when you select Save, and additional settings become available.
In Credentials, provide a way for the new user to log in.
If the user needs an
licensed_user role, you can assign it directly in their Role Mappings, or you can add the user to a group that is mapped to the role they need.
Learn more in Roles and Permissions.