diff --git a/deploy/openshift/templates/multi/keycloak-template.yaml b/deploy/openshift/templates/multi/keycloak-template.yaml
index 2be70dcb94..b66d0097d6 100644
--- a/deploy/openshift/templates/multi/keycloak-template.yaml
+++ b/deploy/openshift/templates/multi/keycloak-template.yaml
@@ -44,9 +44,9 @@ objects:
           - name: POSTGRES_PASSWORD
             value: keycloak
           - name: KEYCLOAK_USER
-            value: admin
+            value: "${KEYCLOAK_USER}"
           - name: KEYCLOAK_PASSWORD
-            value: admin
+            value: "${KEYCLOAK_PASSWORD}"
           - name: PROTOCOL
             value: "${PROTOCOL}"
           - name: ROUTING_SUFFIX
@@ -144,6 +144,14 @@ parameters:
   displayName: htpps or http protocol
   description: Protocol to be used in Che communications
   value: http
+- name: KEYCLOAK_USER
+  displayName: Keycloak admin user
+  description: Default Keycloak admin user
+  value: "admin"
+- name: KEYCLOAK_PASSWORD
+  displayName: Keycloak admin password
+  description: Default Keycloak admin password. Can be changed after login
+  value: "admin"
 - name: ROUTING_SUFFIX
   displayName: Routing suffix of your OpenShift cluster
   description: This is the suffix appended to routes in your OpenShift cluster <route>.<project>.<routing_suffix>
diff --git a/dockerfiles/keycloak/kc_realm_user.sh b/dockerfiles/keycloak/kc_realm_user.sh
index 92fa90be03..21d98f0fc4 100755
--- a/dockerfiles/keycloak/kc_realm_user.sh
+++ b/dockerfiles/keycloak/kc_realm_user.sh
@@ -13,9 +13,6 @@ cat /scripts/che-users-0.json.erb | \
                                   sed -e "/<% end -%>/d" | \
                                   sed -e "/\"requiredActions\" : \[ \],/d" > /scripts/che-users-0.json
 
-cp /scripts/master-users-0.json.erb /scripts/master-users-0.json
-cp /scripts/master-realm.json.erb /scripts/master-realm.json
-
 if [ "${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}" == "false" ]; then
     sed -i -e "s#\"UPDATE_PASSWORD\"##" /scripts/che-users-0.json
 fi
@@ -24,6 +21,12 @@ cat /scripts/che-realm.json.erb | \
                                 sed -e "s@<%= scope\.lookupvar('che::che_server_url') %>@${PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}@" \
                                 > /scripts/che-realm.json
 
+echo "Creating Admin user..."
+
+if [ $KEYCLOAK_USER ] && [ $KEYCLOAK_PASSWORD ]; then
+    /opt/jboss/keycloak/bin/add-user-keycloak.sh --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD
+fi
+
 echo "Starting Keycloak server..."
 
 /opt/jboss/keycloak/bin/standalone.sh -Dkeycloak.migration.action=import \
