Security Setup

Configure Identity Management

The framework is compatible with any OpenID Connect compliant Identity Management Server. If you would like more information on other Identity Management integrations, or for assistance setting up Keycloak, contact us to see how we can help.

The steps below guide you through the initial configuration of the user roles and how they interact with the solution.

Security

All resources in the solution require authentication, i.e. users must be a member of a realm.

Roles and groups together determine which access a user is granted or denied.

User Roles

The framework defines user roles which are standardized across all the products. During the installation process, component-specific variants of these roles are set up. These need to be added to the .env file to provide seamless integration:

  • formsflow-designer
      – Design and manage electronic forms.
  • formsflow-reviewer
      – Receive and process online submissions.
      – View metrics to obtain quantitative information about online submissions and the states they are in.
      – View reports on analytics (slice ‘n dice the data within the form).
  • formsflow-client
      – Fill in and submit the online form(s).

Roles are derived from claims extracted from the JWTs returned during the login process. A user may be assigned multiple roles. User, group, and role creation and management are performed in Keycloak by the realm administrator.

Important notes about the interaction between users, groups, and roles:

  • Groups (and if needed, subgroups) are associated with roles
  • Note that there is no client for – there is no direct login capability on Keycloak for All form administration is performed from the UI
  • In practice, users are assigned to groups and thereby inherit the roles
  • Groups are also synced to Camunda so are available for task filtering, email notifications, etc.
  • In the current implementation, ONLY members of group camunda-admins can access the Camunda UI directly
  • There is some “under-the-covers” authorization going on concerning access between the UI, the API, and Camunda with the addition of audience mapping – basically allowing communication between components
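How roles can be derived from JWT claims, combined with the audience and camunda-admins notes above, shown as an added example that is not the framework's own code. It assumes the token signature and expiry were already verified by an OIDC library, that group membership arrives in a "groups" claim as Keycloak group paths, and that EXPECTED_AUDIENCE is a placeholder value.

```python
# Added example: derive formsflow roles from already-verified JWT claims.
# Assumptions (not from the page): groups arrive in a "groups" claim as
# Keycloak group paths, and EXPECTED_AUDIENCE is a placeholder value.

KNOWN_ROLES = {"formsflow-designer", "formsflow-reviewer", "formsflow-client"}
CAMUNDA_ADMIN_GROUP = "camunda-admins"
EXPECTED_AUDIENCE = "example-api-audience"  # placeholder, set per deployment


def audience_ok(claims, expected=EXPECTED_AUDIENCE):
    """aud may be a string or a list; reject tokens minted for another component."""
    aud = claims.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    return isinstance(aud, list) and expected in aud


def group_names(claims, claim="groups"):
    """Return the leaf name of each group path; malformed claims yield nothing."""
    value = claims.get(claim, [])
    if not isinstance(value, list):
        return set()
    # Only the last path segment counts, so "/a/b" grants "b" and never "a".
    return {p.rstrip("/").rsplit("/", 1)[-1]
            for p in value if isinstance(p, str) and p.strip("/")}


def effective_access(claims):
    """Deny by default: no roles and no Camunda UI unless the audience matches."""
    if not audience_ok(claims):
        return {"roles": set(), "camunda_ui": False}
    groups = group_names(claims)
    return {"roles": groups & KNOWN_ROLES,
            "camunda_ui": CAMUNDA_ADMIN_GROUP in groups}


# Constructed sample claims, as they would look after signature verification.
SAMPLE = {
    "aud": ["example-api-audience", "account"],
    "preferred_username": "jane",
    "groups": ["/formsflow/formsflow-reviewer", "/formsflow/formsflow-client", "/hr"],
}
WRONG_AUDIENCE = dict(SAMPLE, aud="account")

if __name__ == "__main__":
    print(effective_access(SAMPLE))          # reviewer + client, no Camunda UI
    print(effective_access(WRONG_AUDIENCE))  # nothing granted
```

Unknown group names such as "hr" are ignored rather than treated as roles, so adding a group in Keycloak never widens access by accident.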

For more information please visit the Identity Management page on GitHub.
