What is Identity?
Identity in the Camunda 8 stack is handled by two distinct components: Identity for Orchestration clusters, and Identity for Web Modeler, Console, and Optimize. In both cases, Identity is responsible for managing authentication and authorization within the Camunda 8 stack, but each implementation requires different configurations. In the case of Web Modeler, Console, and Optimize, Identity must be set up independently.
For more information on these differences, see the Self-Managed reference architecture.
The following guides cover Identity configuration in Self-Managed environments. For information on Identity use and management, see the user guides.
Identity for Orchestration clusters
Identity is included by default in the Orchestration cluster, and does not require any external dependencies. For more information, see the Identity configuration options.
Identity for Web Modeler, Console, and Optimize
For Web Modeler, Console, and Optimize deployments, Identity runs as a separate, dedicated component. For more information, see the guides on using an existing Keycloak instance and connecting to an OIDC provider.
Once deployed, Identity manages the following in Web Modeler, Console, and Optimize:
- Applications
- APIs
- Roles
- Permissions
For example, using Identity you can:
- Manage roles, which group sets of permissions that can be assigned to users through the Identity UI.
- Manage permissions to control the level of access a user or an application has to a particular component.
- Manage groups to apply a set of roles and authorizations to users.
- Manage resource authorizations to control resource access within the Identity application.
- Utilize configuration variables.