Use security groups from AD to access tasklist and start process in Camunda


#1

Hello,

We want to centralise all access on AD. Thus no user will be set up on Camunda.
The security groups from AD should be used to give access to a particular task in the tasklist or to be able to start a process.

Please check approach below and advise if we can proceed this way:

Create a table to keep configuration / mapping for Camunda groups and AD security groups.

| Camunda Groups | AD Security Groups |
|---|---|
| Initiators | Bank Initiators |
| Approvers | Bank Approvers |
| Frontliners | Bank Frontliners |

Note: in the process definition, the above Camunda groups will be assigned to a candidate group.

When the user logs in, his security groups will be fetched from AD.
The security groups will be checked against the above table. Then the Camunda groups will be retrieved.

Use the REST API to pass the groups in order to view the tasklist or start a process.

Thanks.


#2

I didn’t get this part but the rest makes sense.
Here are the docs related to LDAP: https://docs.camunda.org/manual/7.10/user-guide/process-engine/identity-service/#the-ldap-identity-service
Keep in mind to configure the authorizations of the groups to access only Tasklist,…


#3

Call the REST API using the groups from the custom table.
In this way, the REST API will get tasks only for a particular candidate group.
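
The mapping step discussed in this thread, as an added example that is not part of the original posts or of Camunda's code: it resolves AD `memberOf` values to the Camunda groups from the table in #1 and builds the `candidateGroups` parameter for `GET /task`, refusing to build a query when nothing maps. The function names and the sample DNs are assumptions, and the `memberOf` values are assumed to come from a server-side AD lookup, never from the client.

```python
import re

# Mapping table from post #1: AD security group (lower-cased CN) -> Camunda group.
AD_TO_CAMUNDA = {
    "bank initiators": "Initiators",
    "bank approvers": "Approvers",
    "bank frontliners": "Frontliners",
}

# Constructed sample of one user's memberOf attribute (not real directory data).
SAMPLE_MEMBER_OF = [
    "CN=Bank Approvers,OU=Groups,DC=example,DC=com",
    "cn=bank initiators,OU=Groups,DC=example,DC=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",
]


def cn_from_dn(dn):
    """Return the CN of the first RDN of a distinguished name, or None."""
    # Split on the first comma that is not escaped with a backslash.
    first_rdn = re.split(r"(?<!\\),", dn.strip(), maxsplit=1)[0]
    key, sep, value = first_rdn.partition("=")
    if not sep or key.strip().lower() != "cn":
        return None
    return value.strip().replace("\\,", ",")


def camunda_groups(member_of):
    """Map AD memberOf DNs to Camunda groups; unmapped AD groups are ignored."""
    groups = set()
    for dn in member_of:
        cn = cn_from_dn(dn)
        if cn and cn.lower() in AD_TO_CAMUNDA:
            groups.add(AD_TO_CAMUNDA[cn.lower()])
    return sorted(groups)


def task_query_params(member_of):
    """Build query parameters for GET /task, failing closed when nothing maps."""
    groups = camunda_groups(member_of)
    if not groups:
        # A task query sent without the candidateGroups filter is not limited
        # to any group, so refuse instead of sending an unfiltered request.
        raise PermissionError("user has no AD group mapped to a Camunda group")
    # GET /task takes candidateGroups as a comma-separated list of group names.
    return {"candidateGroups": ",".join(groups)}
```

This filter only narrows what the query returns; the group authorizations mentioned in #2 still have to be configured in the engine.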