Allowing only one active directory group for camunda cockpit usage

Hi there,

We plan to manage authentication and authorization via active directory groups in Camunda. There will be a tree dedicated to Camunda and tasks will be offered to every tasks’ own active directory groups. The main point is that we don’t want every user in these active directory groups to access cockpit screen. Whole company members can be included in active directory groups for tasks but only specific IT members should access the Camunda screens like Cockpit. Is there any way to realize this?

Thanks

Hi @alimercetin,

the Authorizations are managed in the Camunda database and refer to identities managed in the Active Directory: https://docs.camunda.org/manual/7.13/user-guide/process-engine/authorization-service/#basic-principles

You can allow to access to the application only to a few groups or users: https://docs.camunda.org/manual/7.13/user-guide/process-engine/authorization-service/#application-permissions

And be aware that authorizations need to enabled explicitly: https://docs.camunda.org/manual/7.13/user-guide/process-engine/authorization-service/#when-are-authorizations-checked

Hope this helps, Ingo