Disabling administrative user automatically created during KCP installation

Disabling administrative user automatically created during KCP installation


During installation of a platform (i.e., of a cluster with the control plane included), Kublr automatically creates the admin user to access Kublr UI and administrative functions of the platform as soon as it is installed.

The installation process includes step (required, cannot be omitted) when you need to provide a password for this user:

Kublr platform creation - Specifying password for automatically created admin user

For security’s sake, after cluster/control plane installation, you need to disable this automatically created user and create a new one with the safe permissions/credentials.


  1. As soon as your platform is installed, access its Keycloak UI via the platform page → CLUSTER tab → Features section (scroll down) → Keycloak link.

    NOTE Use admin user and password provided by you during platform creation to access.

  2. In Keycloak, go to Users, and click Add user.

  3. Set Username.

  4. Click Join Groups and include the user into the KublrFullAdmins group.

  5. Click Create. The new user is created, its page is displayed.

  6. Go to your user’s Role mapping tab.

  7. Click Assign role and assign the admin and realm-admin roles.

    Keycloak - Creating new admin user

  8. Go to the Credentials tab.

  9. Click Set password. Set and confirm the password, do not make the password Temporary (uncheck the option).

  10. Try to log in under the newly created user to check credentials and permissions.

  11. If the test was successful, in Keycloak, disable the initial admin user.