User could not be deactivated...(Error code: 403)

Version: 

Domino 4x, 5.0~5.6

Issue: When trying to  deactivate users from the Admin UI,  you are presented with the message:

"User could not be deactivated. Please ensure your admin user has appropriate user management permissions in Keycloak. Error code:403. "

Why does the issue occur:

In Keycloak, the system administrator does not have themanage-users role for the realm-management to activate and deactivate users in Domino. Not having these permissions will result in receiving a 403 error indicating they are not authorized to perform the above actions.

Resolution:

Assign the admin account the manage-users role in Keycloak. On gaining access to Keycloak and setting the permissions, review subsection 'Access Keycloak' & Set permissions to activate / deactivate users here

Note:

The manage-users role is no longer needed as of Domino 5.7.