keycloak-scim/server_admin/topics/users/credentials.adoc

[id="ref-user-credentials_{context}"]
= User Credentials

You can manage credentials of a user in the *Credentials* tab. 

.Credential Management
image:{project_images}/user-credentials.png[]

The credentials are listed in a table, which has the following fields:

Position::
   The arrow buttons in the *Position* column allow you to shift the priority of the credential for the user. The topmost credential has the highest priority. The priority determines which credential is displayed first after a user logs in.

Type::
   This shows the type of the credential, for example *password* or *OTP*.

User Label::
   This is an assignable label to recognize the credential when presented as a selection option during login. It can be set to any value to describe the
   credential.
   
Data::
   This is the non-confidential technical information about the credential. It is hidden, by default. You can click *Show data...* to display the data for a	
   credential.

Actions::
   This column has two actions. Click *Save* to record the value or the user field. Click *Delete* to remove the credential.


You cannot configure other types of credentials for a specific user in the admin console; this is the responsibility of the user.

You can delete the credentials of a user in the event a user loses an OTP device or if credentials have been compromised. You can only delete credentials of a user in the *Credentials* tab.