Creating a New Agent User

Introduction

User management using an external backend (we use Keycloak at the time of writing) works differently in osTicket compared to other common OIDC-implemented applications.

While common OIDC implementations used role-based authentication to determine a user's access level which automatically assigns permissions depending on their role, the osTicket OpenID plugin requires the administrator to add the user manually.

However, a manually created user in this application can still be linked to a user in Keycloak. Users are identified by osTicket from OIDC via email. Therefore, if Keycloak happens to be down, then an agent can still log in using their email and a separate password set specifically for osTicket.

How to Create an Agent User

Obtaining Prior Information

In order to create a support agent, you will need:

• The user's email used in Keycloak
• The user's username (optional, but keeps things consistent)

Navigate to the User Creation Page

In order to create a user, you must have the account permission to do so.

First, navigate to the osTicket Admin Page. This can be done by:

• Navigate to https://support.fireantllcaz.net/scp and log into your account.
• Click on Admin Panel at the top-right of the page. If you see Agent Panel instead, then you do not have permission to view the admin panel.
• Click on the Agents tab.
• Click on Add New Agent.

Creating a User

Filling out the form should be pretty straightforward.

1. Fill out the user's first and last name.
2. Enter the email address obtained from Keycloak.
3. Fill out the user's username.
4. Set the Authenticaion Backend to Fireant LLC.
5. Fill out additional entries as necessary.
6. Switch to the Access tab and select the Primary Department for the user. If unsure, assign the user to Support with All Access.
7. Switch to the Permissions tab and choose the permissions you would like to assign the user with.
8. Click Create.

Once that's done, make sure the user is able to log in at https://support.fireantllcaz.net/scp.