Nexeed
    • Introduction
    • User manual
      • Basic operation
      • Getting started
      • User
      • Groups
      • Roles
      • Organizations
      • Contracts
      • Modules
      • Identity providers
        • General Settings for the Identity Provider
        • Mapper Overview
      • Reports
      • Activity log
      • My Account
        • Overview: Login Tab
      • Configuration
        • Contents of the configuration file
        • How to work with the configuration file
    • Operations manual
      • Overview
      • System Architecture and Interfaces
      • System Requirements
        • macma/macma-webapp-backend
        • macma/macma-core
        • macma/macma-keycloak-mssql
      • Migration from Previous Versions
        • Migration to 1.37+
        • Migration to 1.34+
        • Migration to 1.33+
        • Migration to 1.32+
        • Migration to 1.31+
        • Migration to 1.29+
        • Migration to 1.28+
        • Migration to 1.27+
        • Migration to 1.26+
        • Migration to 1.25+
        • Migration to 1.21+
        • Migration to 1.20+
        • Migration to 1.19+
        • Migration to 1.18+
        • Migration to 1.17+
        • Migration to 1.16.0
        • Migration to 1.15.0
      • Setup and Configuration
        • Helm Configuration
        • macma/macma-core Configuration
        • macma/macma-keycloak-mssql Configuration
        • macma/macma-webapp-backend Configuration
        • Installation guide
        • Identity provider integration
        • Optional Configuration
        • Recommendations
        • Module Health Verification Endpoints and K8S Probes
      • Start and Shutdown
      • Regular Operations
        • Registering a new application in MACMA
          • Allowing application to use other applications
        • Change client secret of an application
      • Logging and Monitoring
        • Required Monitoring
        • Security Logging
          • Macma Security Events
          • Keycloak Security Events
          • Security Logging Format
        • Activity Logging
          • Activity Log Events
      • Known Limitations
        • Performance
        • General
        • Allowed characters and Internationalization
    • Developer documentation
      • Concepts
        • Authentication
        • Authorization
        • Resources
        • Roles
        • Sharing
      • Getting started
        • Registration
        • Authentication
        • Authorization
        • Multitenancy
      • How-to
        • Get & handle tokens
        • OAuth 2.0 for Mobile and Native Apps
        • Evolve authorization in your application lifecycle
        • Use Web Core for user login
        • Handle our integration events
        • Frequent How-To Questions for Application Developers
        • Do automated testing
        • Advertise things to colleagues
        • Integrate with additional environments
      • Deep dives
        • OAuth2 and its flows
        • OpenID Connect endpoints
    • Troubleshooting
      • Startup and availability
      • Identity provider integration
      • Resource deletion
      • Authentication
      • Authorization
    • API documentation
      • HTTP API
      • Event API
    • Glossary
Multitenant Access Control
  • Industrial Application System
  • Core Services
    • Block Management
    • Deviation Processor
    • ID Builder
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • Global Production Overview
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Product Setup Management
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
    • Order Management
    • Packaging Control
    • Rework Control
  • Intralogistics
    • AGV Control Center
    • Stock Management
    • Transport Management
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
    • Maintenance Management
    • Tool Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • Data Publisher
    • Direct Data Link
    • Engineering UI
    • ERP Connectivity
    • Gateway
    • Information Router
    • Master Data Management
    • Orchestrator

Nexeed Learning Portal
  • Multitenant Access Control
  • Operations manual
  • Setup and Configuration
  • Installation guide
1.37.1 1.37.0

Installation guide

Use installation specific passwords and ensure that passwords are being stored in a safe place.

After the initial setup, several MACMA components are started as kubernetes pods:

Deployment/StafefulSet Name Docker Container Name Docker Image Description

keycloak-22-statefulset

keycloak-22-pod

bcidockerregistry.azurecr.io/macma/macma-keycloak-mssql

Keycloak service used by MACMA. This image comes with build in Oracle and MsSql support

web-app-deployment

web-app-pod

bcidockerregistry.azurecr.io/macma/macma-webapp-backend

MACMA Webapp contains UI and the UI backend

macma-core-deployment

macma-core-pod

bcidockerregistry.azurecr.io/macma/macma-core

MACMA Core component used for tenant and resource management

The system can be access by two different user interfaces.

Name Address Credentials Information

User interface

https://<BASE_URL>

Interface to manage MACMA

Admin UI

https://<SUBDOMAIN>.<BASE_URL>/auth/admin or https://<BASE_URL><CONTEXT_PATH>/auth/admin

CONTEXT_PATH default: iam

user: admin
password: password

credentials as specified in this table, if not configured differently (see KEYCLOAK_USER, KEYCLOAK_PASSWORD in macma/macma-keycloak-mssql Configuration)

The Keycloak administrative UI can be found at [BASE_URL]/auth/admin. The credentials for logging in as an administrative user are user: admin, password: password, if not configured differently. It is highly recommended to change the default credentials during the setup (see KEYCLOAK_USER, KEYCLOAK_PASSWORD in macma/macma-keycloak-mssql Configuration. Once authentication is performed, the Keycloak administration UI is visible.

It is highly recommended that access to Keycloak administrative UI is limited to dedicated systems or local access.

After a fresh installation, the following Realms are available:

  • "Keycloak" (master) - Realm: This is the default administrative realm which has administrative privileges over all other realms of the system. This realm should not be touched except for creating additional system-wide administrator users.

  • " MACMA_PROVIDER_TENANT_NAME" - ( MACMA_PROVIDER_TENANT_ID) - Realm: This is the provider tenant for MACMA. See default tenant at bootstrapping recommended configuration for details on how to configure a different provider tenant.

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses