Version: 8.8 (unreleased)

Introduction to Identity

Use the integrated Orchestration Cluster Identity component to manage Camunda 8 authentication, authorization, and entities.

About Identity

Identity provides a unified and secure way to control access to all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs.

Identity includes the following features:

Feature | Description
Unified access management | Authentication and authorizations are handled by an orchestration cluster across all its components and APIs. This eliminates dependencies on external identity components for core orchestration capabilities.
Flexible authentication | Identity supports three authentication modes:

  • No Authentication: Useful for local development and testing. Only available for Self-Managed deployments.

  • Basic Authentication: Simple user/password-based authentication for APIs. Only available for Self-Managed deployments.

  • OIDC: Integration with an OpenID Connect-compatible provider (for example, Keycloak, Microsoft Entra ID, Okta).

Fine-grained authorizations | Authorizations provide granular control over resources like process instances, user tasks, and decisions, ensuring a robust security model.
Tenant management | Multi-tenancy is managed directly within an orchestration cluster, allowing for clear separation of resources.

Manage access

Depending on your setup, Identity allows you to manage Orchestration Cluster access as follows:

Entity | Description | Availability
Users | Individuals who can access applications and perform actions based on their permissions. | All deployments
Groups | Simplify access management by granting permissions collectively to groups of users. | All deployments
Roles | Sets of permissions to define what actions can be performed on specific resources. Roles can be assigned to users and groups. | All deployments
Authorizations | The specific permissions that connect users, groups, or roles with resources and actions (for example, READ, UPDATE, DELETE). | All deployments
Tenants | Isolate data within a single cluster. This is useful for multi-tenancy applications. | Self-Managed only

Identity in Self-Managed

For documentation on deploying Identity as part of Camunda 8 Self-Managed, see Identity in Self-Managed.