Security Setup

Configure Identity Management

The framework is compatible with any OpenID Connect compliant Identity Management Server. If you would like more information on other Identity Management integrations, or assistance setting up Keycloak, contact us to see how we can help.

The steps below will guide you through the initial steps needed to configure the user roles and how they interact with the solution.

Security


All resources in the solution require authentication, i.e. users must be a member of a realm.


Roles and groups together play a vital role in granting or restricting user access.

User Roles

The framework defines user roles which are standardized across all the products. During the installation process, component-specific variants of these roles are set up. These need to be added to the .env file to provide seamless integration:

  • formsflow-designer
      – Design and manage electronic forms
  • formsflow-reviewer
      – Receive and process online submissions
      – View metrics to obtain quantitative information about online submissions and the states they are in
      – View reports on analytics (slice ‘n dice the data within the form)
  • formsflow-client
      – Fill in and submit the online form(s)

Roles are derived from claims extracted from the JWTs returned during the login process. A user may be assigned multiple roles. User, group, and role creation and management are performed in Keycloak by the realm administrator.

Important notes about the interaction between users, groups, and roles:

  • Groups (and if needed, subgroups) are associated with roles
  • Note that there is no client for – there is no direct login capability on Keycloak for All form administration is performed from the UI
  • In practice, users are assigned to groups and thereby inherit the roles
  • Groups are also synced to Camunda so are available for task filtering, email notifications, etc.
  • In the current implementation, ONLY members of group camunda-admins can access the Camunda UI directly
  • There is some “under-the-covers” authorization going on concerning access between the UI, the API, and Camunda with the addition of audience mapping – basically allowing communication between components
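An added example (not the project's own code) of what deriving roles from JWT claims and the audience mapping imply for a component that receives a token: verify signature, expiry and audience first, then keep only the roles defined on this page. Assumptions: HS256 with a constructed key stands in for the identity server's signing (Keycloak signs with RS256 by default), roles are read from Keycloak's default `resource_access.<client>.roles` claim, and `example-api` / `example-web` are hypothetical audience and client names.

```python
import base64, hashlib, hmac, json, time

# Role names from this page; anything else in the token is ignored.
KNOWN_ROLES = {"formsflow-designer", "formsflow-reviewer", "formsflow-client"}

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes) -> str:
    """Constructed HS256 token; stands in for the identity server in this demo."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def roles_from_token(token: str, key: bytes, audience: str, client_id: str) -> set:
    """Return the roles a verified token grants; raise ValueError if it fails a check."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        sig_ok = hmac.compare_digest(expected, b64url_decode(sig))
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm and verify the signature before reading any claim.
    if alg != "HS256" or not sig_ok:
        raise ValueError("bad algorithm or signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    aud = claims.get("aud", [])
    if audience not in ([aud] if isinstance(aud, str) else aud):
        raise ValueError("audience mismatch")
    # Assumption: client roles sit where Keycloak puts them by default.
    granted = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return KNOWN_ROLES & set(granted)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value, not a real secret
    claims = {"exp": time.time() + 300, "aud": ["example-api"],
              "resource_access": {"example-web": {"roles": ["formsflow-reviewer"]}}}
    print(roles_from_token(make_token(claims, key), key, "example-api", "example-web"))
```

If the realm uses a custom mapper that places roles or groups in a different claim, only the last lookup changes; the verification order stays the same.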

For more information please visit the Identity Management page on GitHub.
