Starting configuration for Identity

The Identity component requires a set of base configurations to operate correctly. When Identity is started, it creates or updates the following entities in Keycloak:

Clients

| Name | Client ID | Service Accounts | Created/Updated with component |
| --- | --- | --- | --- |
| Identity | camunda-identity | enabled | All |
| Camunda Identity Resource Server | camunda-identity-resource-server | enabled | All |
| Operate | operate | enabled | Operate |
| Operate API | operate-api | enabled | Operate |
| Optimize | optimize | enabled | Optimize |
| Optimize API | optimize-api | enabled | Optimize |
| Tasklist | tasklist | enabled | Tasklist |
| Tasklist API | tasklist-api | enabled | Tasklist |
| Web Modeler | web-modeler | disabled | Web Modeler |
| Web Modeler API | web-modeler-api | enabled | Web Modeler |

Roles

| Name | Created/Updated with component |
| --- | --- |
| Identity | All |
| Operate | Operate |
| Optimize | Optimize |
| Tasklist | Tasklist |
| Web Modeler | Web Modeler |

Client scopes

| Name | Protocol | Description |
| --- | --- | --- |
| camunda-identity | openid-connect | A default client scope that contains mappers to augment the generated token with information required by the components of Camunda. Contains the mappers described in the Mappers section. |

Mappers

| Name | Protocol Mapper | Description |
| --- | --- | --- |
| email | oidc-usermodel-property-mapper | Adds the email user attribute to the access, ID, and user info tokens using the claim name `email` |
| full name | oidc-full-name-mapper | Adds the user's full name to the access, ID, and user info tokens |
| permissions | oidc-usermodel-client-role-mapper | Adds the user's client roles to the access token with the claim name `permissions.${client_id}` |
| audience resolve | oidc-audience-resolve-mapper | Adds the audiences the user has access to in the audience claim |
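
The tables above double as a baseline for spotting drift in the Keycloak realm. The following check is an added example, not code from Camunda or Keycloak: it compares a parsed realm export against the clients and mappers listed on this page. The function name `audit_realm`, the `deployed` parameter, and the sample export (including its extra `groups` mapper) are constructed for illustration; the JSON field names are those of a Keycloak realm export.

```python
# Baseline from this page's tables: client ID -> (service accounts enabled, creating component)
EXPECTED_CLIENTS = {
    "camunda-identity": (True, "All"),
    "camunda-identity-resource-server": (True, "All"),
    "operate": (True, "Operate"), "operate-api": (True, "Operate"),
    "optimize": (True, "Optimize"), "optimize-api": (True, "Optimize"),
    "tasklist": (True, "Tasklist"), "tasklist-api": (True, "Tasklist"),
    "web-modeler": (False, "Web Modeler"), "web-modeler-api": (True, "Web Modeler"),
}
# mapper name -> protocol mapper type inside the camunda-identity client scope
EXPECTED_MAPPERS = {
    "email": "oidc-usermodel-property-mapper",
    "full name": "oidc-full-name-mapper",
    "permissions": "oidc-usermodel-client-role-mapper",
    "audience resolve": "oidc-audience-resolve-mapper",
}

def audit_realm(realm, deployed):
    """Compare a parsed Keycloak realm export with the baseline; return findings."""
    findings = []
    clients = {c["clientId"]: c for c in realm.get("clients", [])}
    for cid, (want_sa, component) in EXPECTED_CLIENTS.items():
        if component != "All" and component not in deployed:
            continue  # this client is only created with its component
        if cid not in clients:
            findings.append(f"client {cid}: missing")
        elif bool(clients[cid].get("serviceAccountsEnabled")) != want_sa:
            findings.append(f"client {cid}: serviceAccountsEnabled should be {want_sa}")
    scopes = {s["name"]: s for s in realm.get("clientScopes", [])}
    if "camunda-identity" not in scopes:
        return findings + ["client scope camunda-identity: missing"]
    mappers = scopes["camunda-identity"].get("protocolMappers", [])
    actual = {m["name"]: m.get("protocolMapper") for m in mappers}
    for name, kind in EXPECTED_MAPPERS.items():
        if actual.get(name) != kind:
            findings.append(f"mapper {name}: expected {kind}, found {actual.get(name)}")
    findings += [f"mapper {n}: not in baseline" for n in actual if n not in EXPECTED_MAPPERS]
    return findings

# Constructed sample export (not from a real deployment): Identity plus Operate.
SAMPLE = {"clients": [
    {"clientId": "camunda-identity", "serviceAccountsEnabled": True},
    {"clientId": "camunda-identity-resource-server", "serviceAccountsEnabled": True},
    {"clientId": "operate", "serviceAccountsEnabled": False}],
    "clientScopes": [{"name": "camunda-identity", "protocol": "openid-connect", "protocolMappers": [
        {"name": "email", "protocolMapper": "oidc-usermodel-property-mapper"},
        {"name": "full name", "protocolMapper": "oidc-full-name-mapper"},
        {"name": "permissions", "protocolMapper": "oidc-usermodel-client-role-mapper"},
        {"name": "groups", "protocolMapper": "oidc-group-membership-mapper"}]}]}
```

Calling `audit_realm(SAMPLE, {"Operate"})` reports the disabled service account on `operate`, the missing `operate-api` client, the missing `audience resolve` mapper, and the extra `groups` mapper, which would add a claim to tokens that the baseline does not include.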