Skip to main content

Manage users, groups, roles, and applications

Manage and organize your users and applications using groups and roles.

About managing users in Identity​

In Identity, a user represents a human who interacts with any Camunda 8 user interface (such as a web application).

  • You do not create or manage users in Identity itself. Users are managed in Keycloak or your connected IdP.
  • Identity allows you to organize and manage these users with groups and roles.

Groups​

Use groups to manage user access by organizing users into groups (group members) and assigning roles. Instead of assigning roles to individual users, map a set of roles to a group, with all group members automatically inheriting the role permissions.

Roles​

Use roles to simplify and standardize access control across your system, help enforce consistent permission sets, reduce errors, and scale access management as your organization grows.

Roles define the actions a user or application can perform in Camunda 8 by grouping together a set of related permissions. You can assign roles directly to a user or using groups.

Applications​

In Identity, an application represents an entity that can request Identity to authenticate a user or a service. Camunda 8 has a set of preconfigured applications, but as a user of Identity you can also add your own Applications.

For example, you can provide a service with M2M access to a Camunda 8 API, such as a custom job worker.