Introduction to Identity
Use the integrated Orchestration Cluster Identity component to manage Camunda 8 authentication, authorization, and entities.
About Identity
Identity provides a unified and secure way to control access to all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs.
Identity includes the following features:
Feature | Description |
---|---|
Unified access management | Authentication and authorizations are handled by an orchestration cluster across all its components and APIs. This eliminates dependencies on external identity components for core orchestration capabilities. |
Flexible authentication | Identity supports three authentication modes: |
Fine-grained authorizations | Authorizations provide granular control over resources like process instances, user tasks, and decisions, ensuring a robust security model. |
Tenant management | Multi-tenancy is managed directly within an orchestration cluster, allowing for clear separation of resources. |
Manage access
Depending on your setup, Identity allows you to manage Orchestration Cluster access as follows:
Entity | Description | Availability |
---|---|---|
Users | Individuals who can access applications and perform actions based on their permissions. | All deployments |
Groups | Simplify access management by granting permissions collectively to groups of users. | All deployments |
Roles | Sets of permissions that define which actions can be performed on specific resources. Roles can be assigned to users and groups. | All deployments |
Authorizations | The specific permissions that connect users, groups, or roles with resources and actions (for example, READ, UPDATE, DELETE). | All deployments |
Tenants | Isolate data within a single cluster. This is useful for multi-tenancy applications. | Self-Managed only |
For documentation on deploying Identity as part of Camunda 8 Self-Managed, see Identity in Self-Managed.