Helm chart basic authentication setup
By default, Camunda 8 Self-Managed uses basic authentication for all components deployed through the Helm chart. This method requires no additional configuration and is ideal for local or development environments.
Because basic authentication is enabled by default, components that depend on Management Identity (which implements OIDC/OAuth authentication) are disabled by default. These components include:
- Management Identity
- Console
- Web Modeler
- Keycloak
- Optimize
Default users
Two users are created by default:
| Username | Password | Role | Description |
|---|---|---|---|
demo | demo | admin | Initial administrative user |
connector | connector | connectors | Used by the Connectors component to authenticate with the Orchestration Cluster API |
For details on configuring initial users and their roles, see
Orchestration Cluster Identity initialization.
In Helm, arrays must be overwritten in full. If you change these configuration settings, keep in mind that the default array must be configured in your custom values.yaml if you want to keep those users and role assignments. For example, when adding the user foo or assigning roles to foo, keep also the values for the demo and connectors user.
Next steps
- To enable centralized authentication, see Internal Keycloak.
- To integrate with an external identity provider, see External OIDC provider.