Administration UI

Curity comes with an advanced Admin Web User Interface (UI) which allows configuring and monitoring a single instance as well as a cluster.

The default port is 6749, so you should be able to open the UI by visiting http://localhost:6749/admin/ in a browser.

Main screen of the Admin Web UI. (Admin UI version: 10.6)

You can configure the UI to use another port, enable TLS, add user authorization and much more.

Setup

The UI must be explicitly enabled by configuring web-ui.

That’s normally done when running the installation script, but you can also do it using the command line interface (CLI).

admin@prod-curity1> configure
Entering configuration mode private
[ok][2025-01-14 16:56:29]

[edit]
admin@prod-curity1> edit environments environment
[ok][2025-01-14 17:06:25]

[edit environments environment]
admin@prod-curity1> set admin-service http web-ui
[ok][2025-01-14 17:06:27]

[edit environments environment]
admin@prod-curity1> commit
[ok][2025-01-14 17:06:31]

Authentication

External Credential Storage

By default, the Admin UI uses local accounts stored directly in the Curity Identity Server configuration. However, you can configure the Admin UI to use external data sources for account verification, such as Active Directory (AD) or other LDAP servers. This approach allows you to leverage existing identity infrastructure for managing admin accounts.

To use external credential storage, you must first configure a Data Source (such as LDAP) in the Facilities section, then create a Credential Manager that uses that Data Source. The Credential Manager can then be configured in the Admin Service settings to verify admin accounts against the external system. For detailed configuration steps, see Using AD for Admin UI Users.

Federated Login

The Admin UI can be configured to enable federated login, allowing administrators to authenticate using external or internal identity providers. By default, administrators use local accounts created directly in the Curity Identity Server, but federated login provides two additional options:

  1. External OpenID Connect Provider - The Admin UI performs an OIDC flow directly to an external provider
  2. Internal OpenID Connect Provider - The Admin UI performs an OIDC flow to one of the Curity Identity Server’s Token Service Profiles, giving the most control over the login flow

Federated login can be configured with multi-factor authentication and allows managing company accounts in one place. Local account login can be disabled once federated login is configured. For detailed setup instructions, see Federated Login to the Admin UI.

Access Control

The Admin UI supports granular access control through a permissions system. Each component in the Admin UI has configurable permissions that control Create, Read, Update, and Delete (CRUD) privileges. Permissions can be applied to the UI, CLI, or RESTCONF interface independently.

When using external credential storage or federated login, the system looks for groups returned as part of the account verification. These groups can be used to set permissions throughout the Admin UI. For example, you can configure specific groups to have read-only access to certain configuration areas, or restrict which administrators can modify sensitive settings like client configurations or data sources. For more information on configuring permissions, see access control.
