Phase 2: Configure Portal
In this phase, you activate the product, create an OAuth client, grant the required permissions, create a test user, and link the Portal to the client.
Prerequisites
- Phase 1 is complete and the Identity and Portal containers are running.
- The Identity Admin Console is reachable at
https://<hostname>:<identity_port>/admin. - A valid product key or license key obtained from the NQRust team.
Step 1 — Product activation
Open the Identity Admin Console in a browser:
https://<hostname>:<identity_port>/adminThe Identity server uses a self-signed TLS certificate by default. The browser will display a security warning — accept it to proceed.
Once you accept the security warning in the browser, you must accept the EULA to proceed. After that the Product Activation page is displayed.
| Field | Value |
|---|---|
| License key | License key is provided by the NQRust team. |
Click Activate License to activate the product.

After successful activation, the browser is redirected to the login page.
Step 2 — Log in to Identity Admin Console
Sign in with the default administrator credentials:
- Username:
admin - Password:
identity

Change the default administrator password immediately after the first login through Users → admin → Credentials.
Step 3 — Create a realm
A realm groups clients, users, and roles. Create a dedicated realm for the Portal as follows:
- In the left sidebar, click Manage realms (the shield icon at the top of the sidebar).
- Click Create realm.
- In the Realm name field, enter
nqrust. - Set Enabled to
On. - Click Create.

Step 4 — Create the Portal OAuth client
Ensure nqrust is the Current realm (the realm name is displayed at the top of the left sidebar). The wizard has three steps: General settings, Capability config, and Login settings.
To open the wizard:
- In the left sidebar, click Clients.
- Click Create client.
Step 4.1 — General settings
Fill in the General settings form:
| Field | Value |
|---|---|
| Client type | Leave as OpenID Connect. |
| Client ID | Enter nqrust-portal. This value is required. |
| Name | Enter a display label, for example NQRust Portal. |
| Description | Optional. Leave blank, or enter a short description such as OAuth client for NQRust-Identity Portal. |
| Always display in UI | Toggle to On. |
Click Next to continue.

Step 4.2 — Capability config
Configure the Capability config form:
- Client authentication — toggle to
On. - Authorization — toggle to
On. - Authentication flow — ensure the following are checked:
- Standard flow
- Service accounts roles
- PKCE Method — leave as
Choose...(no value).
Click Next to continue.

Step 4.3 — Login settings
The <hostname> placeholder below may be an IP address (for example 192.168.1.100) or a DNS name (for example portal.company.com). The value entered here must exactly match the address users will type in their browser. A mismatch causes login to fail with the error Invalid parameter: redirect_uri. If you are unsure, use the server's IP address.
Fill in the Login settings form using the hostname and Portal port:
| Field | Value |
|---|---|
| Root URL | https://<hostname>:<portal_port> |
| Home URL | https://<hostname>:<portal_port> |
| Valid redirect URIs | https://<hostname>:<portal_port>/api/auth/callback/keycloak |
| Valid post logout redirect URIs | https://<hostname>:<portal_port> |
| Web origins | https://<hostname>:<portal_port> |
Example with hostname 192.168.1.100 and Portal port 8083:
Root URL: https://192.168.1.100:8083
Home URL: https://192.168.1.100:8083
Valid redirect URIs: https://192.168.1.100:8083/api/auth/callback/keycloak
Valid post logout URIs: https://192.168.1.100:8083
Web origins: https://192.168.1.100:8083Click Save.

Step 5 — Assign service account roles to the client
The Portal client requires permission to manage realm resources (users, roles, clients) through the Identity REST API. These permissions are granted via the client's service account.
- On the
nqrust-portalClient details, click the Service accounts roles tab.

- Click Assign role. In the dialog, select Client roles (not Realm roles), because
realm-managementis itself a client. - In the search field, type
realm-management. - Select every role from the
realm-managementclient. The header checkbox selects only the current page, so navigate through each page using the pagination controls and check the header again. To complete this faster, increase the rows-per-page setting so all roles fit on a single page. - Click Assign.

The realm-management client provides roles such as manage-users, manage-clients, manage-realm, view-users, and view-clients. The Portal requires these roles to provision users, rotate secrets, and manage realm configuration.
Do not skip this step. Without the realm-management roles, the Portal fails to load user and role data, and some administrative features will not work.
Step 6 — Copy the client secret
After the client is configured, click the Credentials tab on the nqrust-portal Client details.
- Locate the Client secret field.
- Click the copy button to copy the Client Secret to the clipboard.
- Retain this value; it will be pasted into the installer in a later step.

Treat the client secret as a password. Do not share it or commit it to version control.
Step 7 — Create a user
At least one user is required in the nqrust realm to log in to the Portal.
- In the left sidebar, click Users.
- Click Add user.
- Fill in the user fields:
- Username — for example,
testuser. - Email — for example,
testuser@example.com. - Email verified — toggle to
On. - First name — for example,
Test. - Last name — for example,
User.
- Username — for example,
- Click Create.

Set the user password
After the user is created, the User details page opens. Set an initial password:
- Click the Credentials tab.
- Click Set password.
- Enter the password and confirmation.
- Set Temporary to
Offto skip forcing a password change on first login. - Click Save, then click Save password in the Set password? confirmation dialog.

For production deployments, leave Temporary set to On so each new user is required to set their own password after the first login.
Step 8 — Fill the Portal form in the installer
Return to the installer terminal. Either press i on the Identity success screen, or, if the installer was closed, re-launch it and select Install Portal from the Home menu.
The Portal form requires three values:
| Field | Description | Value |
|---|---|---|
| Realm Name | The realm created in Identity | nqrust |
| Client ID | The OAuth client ID | nqrust-portal |
| Client Secret | The secret copied from Identity | (paste from clipboard) |

Navigate to the Install button and press Enter to apply the configuration.
Step 9 — Portal restart
The installer updates the .env file with the new client configuration and restarts the Portal container:
docker compose up -d --force-recreate portal
Step 10 — Installation complete
When the Portal container restarts successfully, the final success screen displays the Portal URL:
Portal: https://<hostname>:<portal_port>
Step 11 — Verify the installation
Open the Portal URL in a browser:
https://<hostname>:<portal_port>The browser is redirected to the Identity login page served by the nqrust realm. Log in using the user created in Step 7.
After a successful login, the Portal home screen is displayed.

The NQRust-Identity Portal is now fully installed and ready for use.