We want to centralise all access on AD. Thus no user will be set up on Camunda.
The security groups from AD should be used to give access to a particular task in the tasklist or to be able to start a process.
Please check approach below and advise if we can proceed this way:
Create a table to keep configuration / mapping for Camunda groups and AD security groups.

| Camunda Groups | AD Security Groups |
|----------------|--------------------|
| Initiators     | Bank Initiators    |
| Approvers      | Bank Approvers     |
| Frontliners    | Bank Frontliners   |

Note: in the process definition, the above Camunda groups will be assigned to a candidate group.
When the user logs in, his security groups will be fetched from AD.
The security groups will be checked against the above table. Then the Camunda groups will be retrieved.
Use the REST API to pass the groups in order to view the tasklist or start a process.
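
The mapping step described in the post, as an added example that is not part of the original post or of Camunda's own code: it resolves a user's AD groups to Camunda groups server-side and builds the body for the Camunda REST API task query (`POST /task` with `candidateGroups`). The function names and the sample DNs are hypothetical; it assumes AD returns `memberOf` values as distinguished names and that the lookup runs after the user has authenticated.

```python
import json
import re

# Mapping table from the post: AD security group (lower-cased CN) -> Camunda group.
AD_TO_CAMUNDA = {
    "bank initiators": "Initiators",
    "bank approvers": "Approvers",
    "bank frontliners": "Frontliners",
}

# First RDN of a DN, allowing backslash-escaped characters such as "\,".
_CN = re.compile(r"^CN=((?:\\.|[^,\\])+)", re.IGNORECASE)

# Constructed sample of what a directory lookup might return for one user.
SAMPLE_MEMBER_OF = [
    "CN=Bank Approvers,OU=Groups,DC=example,DC=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",
    "CN=bank initiators,OU=Groups,DC=example,DC=com",
]


def cn_of(member_of):
    """Return the CN of an AD memberOf DN, or the value itself if it is a plain name."""
    m = _CN.match(member_of.strip())
    if not m:
        return member_of.strip()
    return re.sub(r"\\(.)", r"\1", m.group(1))


def camunda_groups(ad_member_of):
    """Map AD groups to Camunda groups; unmapped groups are dropped (deny by default).

    Matching on the CN alone is an assumption of this example; comparing the
    full DN is stricter if the same CN can exist in more than one OU.
    """
    mapped = {AD_TO_CAMUNDA.get(cn_of(g).lower()) for g in ad_member_of}
    return sorted(g for g in mapped if g)


def task_query(ad_member_of):
    """Build the JSON body for POST /task (Camunda REST API) for one user."""
    groups = camunda_groups(ad_member_of)
    if not groups:
        # An empty candidateGroups filter would not restrict the query at all.
        raise PermissionError("user has no mapped Camunda group")
    return json.dumps({"candidateGroups": groups})
```

The group list is derived from the directory on the server and never taken from the client request, so a caller cannot name groups it does not belong to.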