These endpoints can be used for role, group and user management in Keycloak within the own tenant. Administrative tenant-specific information can be retrieved as well.They are provided by the TENANT-MANAGEMENT service.

The access to the endpoints has to be limited to administrative users as specified with the permission for /tenant-management/api/admin/** endpoints in the authentication-prod.yml configuration file.

The endpoints are used by the ARCHITECT Service that provides yuuvis® architect. If you want to use this service, do not change the default access condition that is matched with the YUUVIS_TENANT_ADMIN role.

As of 2022 Autumn, in the default configuration, users with the YUUVIS_MANAGE_SETTINGS role are allowed to manage users of their own tenant as well. They have access to all endpoints /tenant-management/api/admin/users/**. However, the following operations are not allowed for them:

Assigning the YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR roles.
Editing the data of users having the YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR role.
Deleting users having the YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR role.

HTTP Method as of product version	Purpose	Response Format	Description
GET 2020 Winter	Retrieve the Tenant data	JSON	Retrieves the tenant data as given in the Keycloak identity provider for the tenant of the calling user. `/tenant-management/api/admin/tenant`
GET 2020 Winter	Retrieve the Number of Users	TXT	Retrieves the number of all users of the tenant. `/tenant-management/api/admin/users/count`
POST 2020 Winter	Create a User	JSON	Creates a new user in the tenant with the given properties. `/tenant-management/api/admin/users`
POST 2020 Winter	Create a User via CSV	JSON	Creates users listed in a CSV-based file. `/api-tm/admin/users/batchcreate` Note: Keycloak does not offer an API for creating more than one user in one call. So you may want to create multiple users one by one by yourself.
GET 2020 Winter	Retrieve a User	JSON	Retrieves the data of the user specified by `id`. `/tenant-management/api/admin/users/{id}`
PUT 2020 Winter	Update the Data of a User	HTTP status code	Updates the data of the user specified by `id` with the data passed in the request body in JSON format. `/tenant-management/api/admin/users/{id}`
DELETE 2020 Winter	Delete a User	HTTP status code	Deletes the user specified by `id`. `/tenant-management/api/admin/users/{id}`
GET 2020 Winter	Retrieve a List of Users	JSON	Retrieves a list of all users within the tenant. As 2021 Autumn, the list can be filtered by applying query parameters. `/tenant-management/api/admin/users`
GET 2020 Winter	Retrieve the Roles	JSON	Gets all roles. `/tenant-management/api/admin/roles`
POST 2021 Autumn	Create a Role	JSON	Creates a new role for the tenant with the properties specified in the JSON request body. `/tenant-management/api/admin/roles`
DELETE 2021 Autumn	Delete a Role	JSON	Deletes the role specified by `name`. `/tenant-management/api/admin/role/{name}`
GET 2021 Autumn	Retrieve the Groups	JSON	Retrieves all groups with the assigned roles and members for the tenant. `/tenant-management/api/admin/groups`
POST 2021 Autumn	Create a Group	JSON	Creates a new group for the tenant with the properties specified in the JSON request body. `/tenant-management/api/admin/groups`
GET 2021 Autumn	Retrieve a Group	JSON	Retrieves the group specified by `id` with the assigned roles and members for the tenant. `/tenant-management/api/admin/groups/{id}`
PUT 2021 Autumn	Update a Group	JSON	Updates the data of the group specified by `id` with the data passed in the request body in JSON format.`/tenant-management/api/admin/groups/{id}`
DELETE 2021 Autumn	Delete a Group	JSON	Deletes the group specified by `id`. `/tenant-management/api/admin/groups/{id}`
GET 2021 Spring deprecated as of 2023 Autumn	Retrieve the Current Metrics	JSON	Reads the current metrics of the specified tenant. `/tenant-management/api/admin/metrics`

Browser not supported