Version: Next

Starting configuration for Identity

Identity requires a set of base configurations to operate correctly. When Identity is started, it will create or update the following entities in Keycloak:

Clients

| Name | Client ID | Service accounts | Created/updated with component |
| --- | --- | --- | --- |
| Identity | camunda-identity | enabled | All |
| Camunda Identity Resource Server | camunda-identity-resource-server | enabled | All |
| Operate | operate | enabled | Operate |
| Operate API | operate-api | enabled | Operate |
| Optimize | optimize | enabled | Optimize |
| Optimize API | optimize-api | enabled | Optimize |
| Tasklist | tasklist | enabled | Tasklist |
| Tasklist API | tasklist-api | enabled | Tasklist |
| Web Modeler | web-modeler | disabled | Web Modeler |
| Web Modeler API | web-modeler-api | enabled | Web Modeler |

Roles

| Name | Created/updated with component |
| --- | --- |
| Identity | All |
| Operate | Operate |
| Optimize | Optimize |
| Tasklist | Tasklist |
| Web Modeler | Web Modeler |

Client scopes

| Name | Protocol | Description |
| --- | --- | --- |
| camunda-identity | openid-connect | A default client scope that contains mappers to augment the token generated with information required by the components of Camunda. Contains the mappers described in the mappers section. |

Mappers

| Name | Protocol Mapper | Description |
| --- | --- | --- |
| email | oidc-usermodel-property-mapper | Adds the email user attribute to the access, ID, and user info tokens using the claim name email. |
| full name | oidc-full-name-mapper | Adds the user's full name to the access, ID, and user info tokens. |
| permissions | oidc-usermodel-client-role-mapper | Adds the user's client roles to the access token with the claim name permissions.${client_id}. |
| audience resolve | oidc-audience-resolve-mapper | Adds the audiences the user has access to in the audience claim. |
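
The following is an added example, not part of the Camunda documentation: a Python drift check that compares a parsed Keycloak realm export against the clients, client scope, and mappers listed on this page, skipping clients of components that are not deployed. It assumes the export uses Keycloak's realm JSON fields `clients[].clientId`, `clients[].serviceAccountsEnabled`, and `clientScopes[].protocolMappers[].protocolMapper`; `audit_realm`, its `components` parameter, and `SAMPLE` are illustrative names, and the sample export is constructed.

```python
# Baseline from this page: (client ID, service accounts enabled, component)
CLIENTS = [
    ("camunda-identity", True, "All"),
    ("camunda-identity-resource-server", True, "All"),
    ("operate", True, "Operate"), ("operate-api", True, "Operate"),
    ("optimize", True, "Optimize"), ("optimize-api", True, "Optimize"),
    ("tasklist", True, "Tasklist"), ("tasklist-api", True, "Tasklist"),
    ("web-modeler", False, "Web Modeler"), ("web-modeler-api", True, "Web Modeler"),
]
# Mapper name -> protocol mapper expected in the camunda-identity client scope
MAPPERS = {
    "email": "oidc-usermodel-property-mapper",
    "full name": "oidc-full-name-mapper",
    "permissions": "oidc-usermodel-client-role-mapper",
    "audience resolve": "oidc-audience-resolve-mapper",
}

def audit_realm(realm, components):
    """Compare a parsed realm export with the baseline; return sorted findings."""
    findings = []
    seen = {c["clientId"]: c for c in realm.get("clients", [])}
    for client_id, svc, component in CLIENTS:
        if component != "All" and component not in components:
            continue  # component not deployed, so its clients are not expected
        if client_id not in seen:
            findings.append(f"client {client_id}: missing")
        elif bool(seen[client_id].get("serviceAccountsEnabled")) != svc:
            findings.append(f"client {client_id}: serviceAccountsEnabled should be {svc}")
    scope = {s["name"]: s for s in realm.get("clientScopes", [])}.get("camunda-identity")
    if scope is None or scope.get("protocol") != "openid-connect":
        findings.append("client scope camunda-identity: missing or not openid-connect")
        return sorted(findings)
    actual = {m["name"]: m.get("protocolMapper") for m in scope.get("protocolMappers", [])}
    for name, expected in MAPPERS.items():
        if actual.get(name) != expected:
            findings.append(f"mapper {name}: expected {expected}, found {actual.get(name)}")
    return sorted(findings)

# Constructed sample export (not from a real deployment): Operate only, with drift
SAMPLE = {
    "clients": [{"clientId": c, "serviceAccountsEnabled": c != "operate"} for c in
                ("camunda-identity", "camunda-identity-resource-server", "operate", "operate-api")],
    "clientScopes": [{"name": "camunda-identity", "protocol": "openid-connect",
        "protocolMappers": [{"name": m, "protocolMapper": t}
                            for m, t in MAPPERS.items() if m != "permissions"]}],
}
print("\n".join(audit_realm(SAMPLE, {"Operate"})))
```

Roles are not checked here; pass the set of deployed component names exactly as they appear in the "Created/updated with component" column.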