# SSO - KeyCLIC

[SSO](https://en.wikipedia.org/wiki/Single_sign-on) (single sign-on) is handled by a [Keycloak](https://www.keycloak.org/) instance hosted on the server. The admin panel is available at [https://clic.epfl.ch/keyclic](https://clic.epfl.ch/keyclic) and users can manage their profile at [https://clic.epfl.ch/me](https://clic.epfl.ch/me).

For now, each user has a `nextcloud_id` attribute, to remain compatible with accounts that were created directly on Nextcloud. New users should have their username as `nextcloud_id`, with the format `{name}.{surname}`. Once no remaining user has a `nextcloud_id` that differs from their `username`, you can update Nextcloud to use the username (`preferred_username`) and get rid of the `nextcloud_id` field.
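The check described above (whether any user still has a `nextcloud_id` different from their `username`) can be scripted. The following is an added example, not part of the original wiki or of Keycloak: it assumes the users have been exported as a JSON list of Keycloak user representations (where custom attributes are lists of strings), and the sample users and the exact character set of the username pattern are constructed for illustration.

```python
import re

# Format stated on this page: {name}.{surname}. The allowed characters
# (lowercase letters, digits, hyphen) are an assumption of this example.
USERNAME_RE = re.compile(r"^[a-z0-9-]+\.[a-z0-9-]+$")

# Constructed sample data, shaped like Keycloak user representations.
SAMPLE_USERS = [
    {"username": "ada.lovelace", "attributes": {"nextcloud_id": ["ada.lovelace"]}},
    {"username": "alan.turing", "attributes": {"nextcloud_id": ["aturing"]}},
    {"username": "ghopper"},  # no attributes at all
    {"username": "a.lovelace", "attributes": {"nextcloud_id": ["ada.lovelace"]}},
]


def nextcloud_id_of(user):
    """Return the single nextcloud_id value, or None if absent or ambiguous."""
    values = (user.get("attributes") or {}).get("nextcloud_id") or []
    return values[0] if len(values) == 1 else None


def audit(users):
    """Classify users for the nextcloud_id -> preferred_username switch."""
    report = {"legacy": [], "missing": [], "bad_format": [], "collisions": []}
    seen = {}  # nextcloud_id -> first username that claimed it
    for user in users:
        name = user["username"]
        ncid = nextcloud_id_of(user)
        if ncid is None:
            report["missing"].append(name)
        else:
            if ncid != name:
                report["legacy"].append((name, ncid))
            if ncid in seen:
                # Two SSO accounts would map to the same Nextcloud account.
                report["collisions"].append((ncid, seen[ncid], name))
            seen.setdefault(ncid, name)
        if not USERNAME_RE.match(name):
            report["bad_format"].append(name)
    return report


def ready_to_switch(report):
    """True only when no legacy, missing or colliding nextcloud_id remains."""
    return not (report["legacy"] or report["missing"] or report["collisions"])


if __name__ == "__main__":
    result = audit(SAMPLE_USERS)
    print(result, "ready:", ready_to_switch(result))
```

A collision is worth resolving even before the migration, since it means two SSO identities resolve to one Nextcloud account.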

## Adding new users

Go to the KeyCLIC admin console here: [KeyCLIC Users](https://clic.epfl.ch/keyclic/admin/master/console/#/master/users)

[![](https://clic.epfl.ch/wiclic/uploads/images/gallery/2025-04/scaled-1680-/image-1745950979355.png)](https://clic.epfl.ch/wiclic/uploads/images/gallery/2025-04/image-1745950979355.png)

Click **Add user** and fill in the following information:
- **Required user actions**: Update Password, Verify Email
- **Email verified**: leave this OFF
- **Username**: `name.surname`
- **Email**: EPFL email address if available (may be a non-EPFL address for a user who is not at EPFL)
- **First Name** & **Last Name**: you can fill in the user's name, or leave it for them to fill in later
- **Nextcloud ID**: `name.surname`, same as username
- **Groups**: select only the relevant groups for the user, for example members of a commission should only be in their commission group.

Optionally, once the user is created, you can set their password to a temporary value (such as their email address). Leave the "Temporary" option on when creating the password, and ensure the options requiring them to verify their email and update their password are active.
Otherwise, they can set their password by selecting the "Forgot password" option on the KeyCLIC login page.