📄️ Realms, users and roles
Authentication and Authorization in the OpenRemote stack is powered by the Keycloak OpenID Connect Provider and utilises OAuth 2.0. Generally within in an instance of the OpenRemote stack the Keycloak server is accessible at: /auth but should only be used by advanced users that know what they're doing as you can completely break your instance.
📄️ Asset Security
The superuser has full access across all tenants (realms). An OpenRemote installation has only one superuser, and it's always named admin and it's always in the master realm. It cannot be renamed or deleted, just like the master realm. Any number of new realms and therefore tenants may be created.
📄️ Linking to Active Directory
Keycloak is the identity manager provider for the OpenRemote platform. It default uses its own Database with the Roles defined in the code for start up.