Version: 8.7

Identity

Use Identity in Camunda 8 Self-Managed to manage authentication, access, and authorization for your users and applications.

About Identity

Identity is included by default in the Docker Compose and Helm deployments of Camunda 8 Self-Managed, and is configured by default to use a packaged Keycloak instance as an identity provider (IdP).

  • Administrators can use Identity to manage users, groups, roles, permissions, and applications within the Camunda 8 platform.
  • Identity supports both users (interacting via Camunda UIs) and applications (interacting via Camunda APIs, such as job workers) with secure authorization based on OAuth 2.0 standards.
  • Users can log in to Camunda 8 component UIs via an IdP login page. Applications can authenticate via machine-to-machine (M2M) tokens.
  • You can also choose to integrate Identity with an external OIDC provider or connect to an existing Keycloak installation.

Get started with Identity

If you're new to Identity, get started by learning how to open and log in to the Identity interface.

Configure Identity

Configure your Identity Keycloak and OIDC integration.

Authentication

Depending on your configuration, users and applications authenticate with Camunda 8 through the IdP using the OAuth 2.0 protocol: users via a login page, and applications via M2M tokens.

Manage Identity

Manage and control access for your users and applications, using groups and roles/permissions (role-based access control).

Reference