Introduction to Admin
Use the integrated Orchestration Cluster Admin (formerly Orchestration Cluster Identity) to manage Camunda 8 authentication, authorization, and cluster administration.
This was renamed in 8.9 to reflect its expanded scope and to avoid confusion with Management Identity.
About Admin
The Orchestration Cluster Admin interface centralizes all key administrative jobs for a single cluster. This interface manages identity and access control for cluster components, including Zeebe, Operate, Tasklist, and Orchestration Cluster APIs, while also handling other core features such as cluster variables and the global user task listener, giving administrators one clear place to configure and operate their clusters end to end.
Admin includes the following features:
| Feature | Description |
|---|---|
| Unified access management | Authentication and authorization are handled consistently across all Orchestration Cluster components and APIs. |
| Flexible authentication | Admin supports multiple authentication modes, including no authentication, Basic authentication, and OpenID Connect (OIDC), depending on the deployment type. |
| Tenant management | Multi-tenancy is managed directly within the Orchestration Cluster, allowing for clear separation of resources. |
| Cluster variables | Manage configuration values centrally across your cluster, making them available in FEEL expressions. |
| Global user task listeners | Configure cluster-wide listeners that react to user task lifecycle events across all processes. |
For details about authorization concepts, resources, and configuration, see Orchestration Cluster authorizations.
Manage access
Depending on your setup, Admin allows you to manage Orchestration Cluster access as follows:
| Entity | Description | Availability |
|---|---|---|
| Users | Individuals who can access applications and perform actions based on their permissions. | All deployments |
| Groups | Simplify access management by granting permissions collectively to groups of users. | All deployments |
| Roles | Sets of permissions to define what actions can be performed on specific resources. Roles can be assigned to users and groups. | All deployments |
| Authorizations | The specific permissions that connect users, groups, or roles with resources and actions (for example, READ, UPDATE, DELETE). | All deployments |
| Tenants | Isolate data within a single cluster. This is useful for multi-tenancy applications. | Self-Managed only |
For documentation on deploying Admin as part of Camunda 8 Self-Managed, see Admin in Self-Managed.