Security Setup

Posted on

Configure Identity Management

The formsflow.ai framework is compatible with any OpenID Connect compliant Identity Management Server. If you would like more information on other Identity Management integrations, or for assistance setting up Keycloak contact us to see how we can help.

The steps below will guide you through the initial steps needed to configure the user roles and how they interact with the solution.

formsflow.ai Security

Authentication

All the resources in formsflow.ai solution require authentication. i.e. users must be a member of a realm.

Authorization

Roles and Groups together play a vital role in granting or restricting users with access of choice.

User Roles

The framework defines user roles which are standardized across all the products. During the installation process, component-specific variants of these roles are set up. These need to be added to the .env file to provide seamless integration:

  • formsflow-designer

– Design and manage electronic forms

  • formsflow-reviewer

– Receive and process online submissions.

– View metrics to obtain quantitative information about online submissions and the states they are in.

– View reports on analytics (slice ‘n dice the data within the form).

  • formsflow-client

– Fill in and submit the online form(s)

Roles are derived from claims extracted from the JWT’s returned during the login process. A user may be assigned multiple roles. User, group, and role creation and management are performed in Keycloak by the realm administrator.

Important notes about the interaction between users, groups, and roles:

  • Groups (and if needed, subgroups) are associated with roles
  • Note that there is no client for form.io – there is no direct login capability on Keycloak for form.io. All form administration is performed from the formsflow.ai UI
  • In practice, users are assigned to groups and thereby inherit the roles
  • Groups are also synced to Camunda so are available for task filtering, email notifications, etc.
  • In the current implementation, ONLY members of group camunda-admins can access the Camunda UI directly
  • There is some “under-the-covers” authorization going on concerning access between the formsflow.ai UI, the formsflow.ai API, and Camunda with the addition of audience mapping – basically allowing communication between components

For more information please visit the formsflow.ai Identity Management page on GitHub.

Recommended Articles

Security Setup

Configure Identity Management The formsflow.ai framework is compatible with any OpenID Connect compliant Identity…

Download and Installation
How to Download and Install formsflow.ai

Getting Started forsmflow.ai is open source and completely free to download and install. You…