Version: 8.7

Keycloak resource management

When using Keycloak as an IdP, Identity uses the following Keycloak resources:

| Identity resource | Keycloak resource (and how it is filtered) |
| --- | --- |
| Application | Client (without authorization) |
| Application/permissions | Client/Service Account roles |
| API | Client (with authorization) |
| API/permissions | Client/Roles |
| Role | Realm role (with attribute camunda_role=true) |
| Role/permissions | Realm role/Associated role |
| Group | Group |
| Group/Member | Group/Member |
| Group/Authorization* | (not saved to Keycloak) |
| Group/Roles | Group/Role mapping |
| User | User |
| User/Assigned role | User/Role mapping |
| User/Authorization* | (not saved to Keycloak) |
| Tenant* | (not saved to Keycloak) |
| Tenant/Assigned user* | (not saved to Keycloak) |
| Tenant/Assigned group* | (not saved to Keycloak) |
| Tenant/Assigned application* | (not saved to Keycloak) |

* This resource is only activated with the relevant feature flag.
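
When auditing a realm, it helps to see which Keycloak entries Identity will pick up under the filters in the table. The following is an added example, not Camunda's own code: it classifies a constructed realm export, assuming the Keycloak export fields `authorizationServicesEnabled` on clients and list-valued role `attributes`, and assuming "with authorization" means that flag is true.

```python
import json

# Constructed sample in the shape of a Keycloak realm export (not real data).
SAMPLE_REALM = json.loads("""
{
  "realm": "example-realm",
  "clients": [
    {"clientId": "orders-ui", "authorizationServicesEnabled": false},
    {"clientId": "orders-api", "authorizationServicesEnabled": true},
    {"clientId": "legacy-app"}
  ],
  "roles": {"realm": [
    {"name": "Operators", "attributes": {"camunda_role": ["true"]}},
    {"name": "offline_access", "attributes": {}},
    {"name": "Disabled", "attributes": {"camunda_role": ["false"]}}
  ]},
  "groups": [{"name": "team-a", "path": "/team-a"}]
}
""")


def classify_realm(realm):
    """Map Keycloak export entries to the Identity resource kinds in the table."""
    out = {"Application": [], "API": [], "Role": [], "Group": [], "unmanaged_roles": []}
    for client in realm.get("clients", []):
        # Assumption: "with authorization" == authorizationServicesEnabled is true.
        kind = "API" if client.get("authorizationServicesEnabled") else "Application"
        out[kind].append(client["clientId"])
    for role in realm.get("roles", {}).get("realm", []):
        # Keycloak stores role attribute values as lists of strings.
        values = (role.get("attributes") or {}).get("camunda_role", [])
        kind = "Role" if "true" in values else "unmanaged_roles"
        out[kind].append(role["name"])
    for group in realm.get("groups", []):
        out["Group"].append(group.get("path", group["name"]))
    return out


if __name__ == "__main__":
    for kind, names in classify_realm(SAMPLE_REALM).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Realm roles listed under `unmanaged_roles` lack `camunda_role=true`, so by the table's filter they do not appear as Identity roles even though they exist in Keycloak.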