Keycloak provider service account

Hi,

I am busy setting up the PrivacyIdea provider in Keycloak.

For integrated token enrollment the readme in GitHub - privacyidea/keycloak-provider: 🔒 OTP Two Factor Authentication Provider for Keycloak to run with privacyIDEA tells me to create / use a service account and says: "Please make sure, that the service account has the correct rights."

However it does not say what “the correct rights” are and I am unable to find it elsewhere in the docs.
That leaves me with the question: what are the settings / rights needed for such a service account?

– Kees.

Hi,
It has to be an admin user with the right "trigger_challenge". But only if you are defining rights. If you have no rights defined, all rights are given by default.
Admins are added with

pi-manage admin add