Version: 8.7

Configure IDP

Configure IDP for your Camunda 8 setup and make sure IDP can access the required components and credentials.

Known limitations

The current known limitations of IDP are as follows:

| Limitation | Description |
| --- | --- |
| Microsoft Entra ID | Use of Microsoft Entra ID as an OpenID Connect (OIDC) identity provider in Self-Managed is not currently supported with IDP. |
| Multi-tenancy | If multi-tenancy is enabled, IDP can only be used by users who can access the <default> tenant. |

Prerequisites

The following prerequisites are required for IDP:

Prerequisite | Description
Amazon Web Services (AWS) IAM user and permissions
  • A valid AWS Identity and Access Management (IAM) user with permissions configured to allow access to Amazon Bedrock, Amazon S3, and Amazon Textract, such as:

    • AmazonBedrockFullAccess

    • AmazonTextractFullAccess

  • Access to the IDP Amazon Bedrock foundation models:

  • The access key pair (access key and secret access key) for this IAM user. This is required during IDP configuration.

Amazon S3 bucket
  • An Amazon S3 bucket that can be used by IDP for document storage during document analysis and extraction.

    The bucket name must be unique across all your AWS accounts.

Web Modeler

Cluster requirements

The following requirements apply for IDP application clusters:

| Requirement | Description |
| --- | --- |
| Connector secrets | You must configure the required IDP AWS connector secrets on any cluster used with IDP. |
| Document handling | IDP requires a cluster that supports document handling. For example, a version 8.7 or higher cluster. |
| Cluster health | IDP applications and projects are only fully operational when linked to a healthy, active cluster. If needed, you can select an unstable or unhealthy cluster when first creating an IDP application, and change to a stable cluster when one is available. |

info

To learn more about storing, tracking, and managing documents in Camunda 8, see document handling.

Configure IDP

Once you have completed all the required prerequisites, configure IDP in a suitable dev cluster as follows:

Add AWS connector secrets to cluster

Add the following AWS connector secrets required for IDP.

  • SaaS: Create and configure as connector secrets.
  • Self-Managed: Connector secrets are generally provided as environment variables, set via values.yaml or the command line. Add these connector secrets as environment variables for the Tasklist and Zeebe components. To learn more about using connector secrets in Self-Managed, see managing secrets in Helm charts and secrets in manual installations.

| Connector secret key | Required | Description |
| --- | --- | --- |
| IDP_AWS_ACCESSKEY | Yes | The AWS access key ID used to interact with the Amazon S3 bucket. |
| IDP_AWS_SECRETKEY | Yes | The AWS secret access key associated with the IDP_AWS_ACCESSKEY. |
| IDP_AWS_REGION | Yes | The AWS region where documents can be temporarily stored during Amazon Textract analysis. This should match the region where the Amazon S3 bucket is located. Example: us-east-1 (default) |
| IDP_AWS_BUCKET_NAME | Yes | The name of the Amazon S3 bucket you want to use for document storage during extraction. Example: idp-extraction-connector |

note
  • These connector secrets are used in IDP document extraction templates. See integrate IDP into your processes.
  • You can rename these connector secrets if you want to change the testing bucket used in other environments (such as test, stage or prod). If you do this, you must also change these names to match within the Authentication section of the Properties panel for any related published document extraction templates.

Example IDP deployment

The following examples show how you can deploy and configure IDP in your local development environment.

Camunda 8 Run

To use Camunda 8 Run to deploy and run Camunda 8 with IDP in a local development environment:

  1. Ensure you have completed the IDP Amazon Web Services (AWS) prerequisites and have obtained your AWS access key pair (access key and secret access key).

  2. Install Camunda 8 Run. For example, download the latest release of Camunda 8 Run for your operating system and architecture and open the .tgz file to extract the Camunda 8 Run script into a new directory.

  3. Navigate to the docker-compose-8.x folder in the new c8run directory.

    1. Open the connector-secrets.txt file, and add your AWS connector secrets.

      For example:

      IDP_AWS_ACCESSKEY=AWSACCESSKEYID
      IDP_AWS_SECRETKEY=AWSSECRETACCESSKEYGOESHERE
      IDP_AWS_REGION=us-east-1
      IDP_AWS_BUCKET_NAME=idp-extraction-connector

    2. Save and close the file.

    3. Configure document handling environment variables for the Tasklist and Zeebe components (for example, in the .env file).

  4. Start Camunda 8 Run via Docker Compose. For example, run ./start.sh --docker (or .\c8run.exe start -docker on Windows) in your terminal.

  5. Launch Web Modeler at http://localhost:8070 and log in with the username demo and password demo.

  6. Get started with IDP by creating a new IDP application in a Web Modeler project.

info

To learn more about using Camunda 8 Run to run Camunda Self-Managed locally, see Camunda 8 Run.

Docker

To use Docker to deploy and run Camunda 8 with IDP in a local development environment:

  1. Ensure you have completed the IDP Amazon Web Services (AWS) prerequisites and have obtained your AWS access key pair (access key and secret access key).

  2. Download the latest Camunda Docker Compose release artifact from the camunda-distributions GitHub repository, and extract the file contents to your desired directory.

  3. In the extracted directory:

    1. Open the connector-secrets.txt file, and add your AWS connector secrets.

      For example:

      IDP_AWS_ACCESSKEY=AWSACCESSKEYID
      IDP_AWS_SECRETKEY=AWSSECRETACCESSKEYGOESHERE
      IDP_AWS_REGION=us-east-1
      IDP_AWS_BUCKET_NAME=idp-extraction-connector

    2. Save and close the file.

  4. Configure document handling environment variables for the Tasklist and Zeebe components.

  5. Run Camunda 8 with Docker Compose. For example, run the following command in the extracted directory:

    docker compose up -d

  6. Launch Web Modeler at http://localhost:8070 and log in with the username demo and password demo.

  7. Get started with IDP by creating a new IDP application in a Web Modeler project.

info

To learn more about using Docker Compose to run Camunda Self-Managed locally, see Docker Compose.
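
The Camunda 8 Run and Docker procedures above both place the AWS access key pair in connector-secrets.txt. The following preflight check is an added example, not part of the Camunda documentation or tooling: it assumes the KEY=VALUE file format shown above, and the function names check_idp_secrets and get_secret are hypothetical.

```shell
#!/bin/sh
# Added example (not Camunda tooling): preflight check for connector-secrets.txt.
# Usage: check_idp_secrets ./connector-secrets.txt && docker compose up -d

# The four connector secrets the IDP table marks as required.
REQUIRED_KEYS="IDP_AWS_ACCESSKEY IDP_AWS_SECRETKEY IDP_AWS_REGION IDP_AWS_BUCKET_NAME"
# Placeholder values from the sample file on this page; they must be replaced.
PLACEHOLDERS="AWSACCESSKEYID AWSSECRETACCESSKEYGOESHERE"

# Print the value of key $2 in file $1 (last assignment wins, CR stripped).
get_secret() {
    tr -d '\r' < "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1
}

# Return 0 if file $1 passes every check, 1 otherwise; findings go to stderr.
check_idp_secrets() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 1
    fi
    # The file holds a long-lived IAM secret key, so only the owner should read it.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$file is readable by group or others (chmod 600 it)" >&2
        rc=1
    fi
    # A secrets file tracked by git would publish the key pair with the next commit.
    if command -v git >/dev/null 2>&1 && git -C "$(dirname "$file")" \
        ls-files --error-unmatch "$(basename "$file")" >/dev/null 2>&1; then
        echo "$file is tracked by git" >&2
        rc=1
    fi
    for key in $REQUIRED_KEYS; do
        value=$(get_secret "$file" "$key")
        if [ -z "$value" ]; then
            echo "$key is missing or empty" >&2
            rc=1
        fi
        for ph in $PLACEHOLDERS; do
            if [ "$value" = "$ph" ]; then
                echo "$key still holds the placeholder $ph" >&2
                rc=1
            fi
        done
    done
    return "$rc"
}
```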