Create a service account (client) in Keycloak, assign it a read-only role, and retrieve the client secret so AiStrike can authenticate via API.
Prerequisites
-
Admin access to the Keycloak Admin Console for the relevant realm (to create clients, roles, and assignments).
-
The realm name where the service account will live.
-
Network access to the Keycloak server from AiStrike public IPs:
3.135.165.25/32,3.148.24.98/32,52.15.138.222/32.
Step 1: Log in
Open the Keycloak Admin Console (e.g. https://your-keycloak-domain/auth/admin/) and log in with an admin account.
Step 2: Create a client (service account)
-
Go to Clients > Create client.
-
General settings: Client ID
AiStrike-Service-Account, protocol openid-connect, add a description. Click Next. -
Capability config: enable Client authentication and the Authentication toggle; leave other settings default. Click Next.
-
Login settings: leave all fields blank and click Save.
Step 3: Create a read-only role
Open the new client, go to the Roles tab, click Create Role, name it AiStrike-read-only-role, and save.
Step 4: Assign read-only permissions
Assign these read roles: view-applications, view-consent, view-groups, view-profile, read-token, query-clients, query-groups, query-realms, query-users, view-authorization, view-clients, view-events, view-identity-providers, view-realm, view-users.
Step 5: Assign the role to the service account
Go to Clients > AiStrike-Service-Account > Service Account Roles and assign AiStrike-read-only-role (or the corresponding read roles).
Step 6: Retrieve the client secret
On the client page, open the Credentials tab and copy the Client Secret securely.
Provide to AiStrike
-
Full Keycloak URL (e.g.
https://your-keycloak-domain/auth) -
Realm name
-
Service account (client) name:
AiStrike-Service-Account -
Client secret