Introduction to Identity
Use the integrated Orchestration Cluster Identity component to manage Camunda 8 authentication, authorization, and entities.
About Identity
Identity provides a unified and secure way to control access to all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs.
Identity includes the following features:
| Feature | Description |
|---|---|
| Unified access management | Authentication and authorizations are handled by an orchestration cluster across all its components and APIs. This eliminates dependencies on external identity components for core orchestration capabilities. |
| Flexible authentication | Identity supports three authentication modes: |
| Fine-grained authorizations | Authorizations provide granular control over resources like process instances, user tasks, and decisions, ensuring a robust security model. |
| Tenant management | Multi-tenancy is managed directly within an orchestration cluster, allowing for clear separation of resources. |
Manage access
Depending on your setup, Identity allows you to manage Orchestration Cluster access as follows:
| Entity | Description | Availability |
|---|---|---|
| Users | Individuals who can access applications and perform actions based on their permissions. | All deployments |
| Groups | Simplify access management by granting permissions collectively to groups of users. | All deployments |
| Roles | Sets of permissions that define which actions can be performed on specific resources. Roles can be assigned to users and groups. | All deployments |
| Authorizations | The specific permissions that connect users, groups, or roles with resources and actions (for example, READ, UPDATE, DELETE). | All deployments |
| Tenants | Isolate data within a single cluster. This is useful for multi-tenant applications. | Self-Managed only |
For documentation on deploying Identity as part of Camunda 8 Self-Managed, see Identity in Self-Managed.