We are in the process of implementing camunda engine for our workflows. I would like to best practice on user management.
We are basically authenticating users using LDAP in our application, but we don’t want to again authenticate in camuda engine and not in a position to store our users in camunda engine as well.
Camunda allows to view the tasks of the users only if the users are configured in the engine database.
Is there anyway through which we can track the user from camunda UI without saving the user information? Say when i use LDAP or use my own auth mechanism.
I haven’t got the big picture here, but I can comment on
This is not correct. Users and groups don’t need to be persisted in Camunda’s database. On Java API level, it is sufficient to call IdentityService#setAuthentication to tell the engine who the currently authenticated user is and what their group and tenant memberships are.
Now, in the Camunda web applications, the memberships are resolved via Camunda’s identity service, which can be configured to access the database or LDAP or a custom backend. This may be more or less easy to exchange. I am not an expert in that area.