Identity

Use Identity in Camunda 8 Self-Managed to manage authentication, access, and authorization for your users and applications.

About Identity

Identity is included by default in the Docker Compose and Helm deployments of Camunda 8 Self-Managed, and is configured by default to use a packaged Keycloak instance as an identity provider (IdP).

• Administrators can use Identity to manage users, groups, roles, permissions, and applications within the Camunda 8 platform.
• Identity supports both users (interacting via Camunda UIs) and applications (interacting via Camunda APIs, such as job workers) with secure authorization based on OAuth 2.0 standards.
• Users can log in to Camunda 8 component UIs via an IdP login page. Applications can authenticate via machine-to-machine (M2M) tokens.
• You can also choose to integrate Identity with an external OIDC provider or connect to an existing Keycloak installation.

Get started with Identity

If you're new to Identity, get started by learning how to open and log in to the Identity interface.

• Get started with Identity

Configure Identity

Configure your Identity Keycloak and OIDC integration.

• Configure Identity

Authentication

Depending on your configuration, users and applications can authenticate with Camunda 8 via the IdP using the OAuth 2.0 protocol, using either a login page or M2M tokens.

• Authentication

Manage Identity

Manage and control access for your users and applications, using groups and roles/permissions (role-based access control).

• Manage users, groups, roles, and applications
• Manage access and permissions
• Manage tenants
• Mapping rules

Reference

• Monitoring Identity
• Configuration variables
• Configure logging
• Prepare Identity for production
• Keycloak resource management
• Starting configuration
• Troubleshoot Identity