Skip to main content
Version: 1.0



Tasklist provides two ways for authentication:

  1. Authenticate with user information stored in Elasticsearch
  2. Authenticate via Camunda Cloud Single Sign-On

By default, user storage in Elasticsearch is enabled.

User in Elasticsearch#

In this mode the user authenticates with username and password, that are stored in Elasticsearch. username and password for one user may be set in application.yml:

camunda.tasklist:  username: anUser  password: aPassword

On Tasklist startup the user will be created if not existed before.

By default, one user with username/password demo/demo will be created.

More users can be added directly to Elasticsearch, to the index tasklist-user-<version>_. Password must be encoded with BCrypt strong hashing function.

Camunda Cloud Single Sign-On#

Currently, Tasklist supports Single Sign On in Camunda Cloud environment. Camunda Cloud takes care of the configuration of Tasklist for Single Sign On, so you don't need normally to adjust following subsections.

Enable Single Sign-On#

Single Sign-On may be enabled only by setting Spring profile: sso-auth

Example for setting spring profile as environmental variable:


Configure Single Sign-On#

Single Sign-On needs following parameters (all are mandatory):

camunda.tasklist.auth0.domainDefines the domain which the user sees
camunda.tasklist.auth0.backendDomainDefines the domain which provides user information
camunda.tasklist.auth0.clientIdIt's like an user name for the application
camunda.tasklist.auth0.clientSecretIt's like a password for the application
camunda.tasklist.auth0.claimNameThe claim that will be checked by Tasklist. It's like a permission name
camunda.tasklist.auth0.organizationThe given organization should be contained in value of claim name

Example for setting parameters as environment variables: