keycloak-scim/server_admin/topics/users/ref-user-credentials.adoc

// Module included in the following assemblies:
//
// server_admin/topics/users.adoc

[id="ref-user-credentials_{context}"]
= Defining user credentials

You can manage credentials of a user in the *Credentials* tab. 

.Credential management
image:{project_images}/user-credentials.png[user credentials]

ifeval::[{project_community}==true]
You change the priority of credentials by dragging and dropping rows. The new order determines the priority of the credentials for that user.
endif::[]
ifeval::[{project_product}==true]
This tab includes the following fields:

Position::
   The arrow buttons in the *Position* column allow you to shift the priority of the credential for the user.
endif::[]
The topmost credential has the highest priority. The priority determines which credential is displayed first after a user logs in.

Type::
   This column displays the type of credential, for example *password* or *OTP*.

User Label::
   This is an assignable label to recognize the credential when presented as a selection option during login. It can be set to any value to describe the
   credential.
   
Data::
   This is the non-confidential technical information about the credential. It is hidden, by default. You can click *Show data...* to display the data for a	
   credential.

Actions::
ifeval::[{project_community}==true]
   Click *Reset password* to change the passord for the user and *Delete* to remove the credential.
endif::[]
ifeval::[{project_product}==true]
   This column has two actions. Click *Save* to record the value or the user field. Click *Delete* to remove the credential.
endif::[]

You cannot configure other types of credentials for a specific user in the Admin Console; that task is the user's responsibility.

You can delete the credentials of a user in the event a user loses an OTP device or if credentials have been compromised. You can only delete credentials of a user in the *Credentials* tab.