Camunda and Okta SSO

I am building a workflow engine using Camunda. I have made progress on it. But I want to make its admin panel such that it takes authentication from OKTA, where my other apps are present. I don’t want to have separate usernames and passwords specific to Camunda. I have no idea how to do that. Please give some ideas to achieve it.
Basically what I have to do is, whenever any user lands on the Camunda login page, I have to redirect him to a particular Okta URL, and then Okta will authenticate and return the USER object. Now, the problem is that whenever I get a user object, I have to make sure it has an entry in the Camunda database and have to skip the Camunda login page. How to do that is the main concern.

I tried to find it on Google but couldn’t find any good lead. Please help me out if you have any ideas.

Thanks!!

@gargvive take a look at building a custom Identity Provider:
and secure Camunda API through OKTA authorizations.

@StephenOTT That is what I wanted to know. I have already gone through the link you gave. I am totally new to all these things, so sorry for the silly questions. When I authorize a user via Okta, how does the Camunda database get to know about their permissions so that the appropriate user can approve the respective tasks? Is there any way to skip the Camunda login page after authorizing via Okta?

StephenOTT: Thank you for the link. I am trying to achieve the same as the topic author, but with Spring Security. That link has helped me a lot :) I am still struggling to use the Spring Security user context for login in an embedded Camunda engine, and to embed the engine and webapp modules in one Spring Security webapp. Has anybody tried to do that?

gargvive: As for permissions, you have to configure user permissions yourself in the Camunda Admin Webapp, for example with the downloaded Camunda Tomcat distro, configuring it to use your own database (in the application context XML). Then you can use this database in your own application.

@ZSerg have you looked through the Camunda Spring docs and looked through the old Google Groups? (I don’t know enough about Spring to answer your question, but I remember seeing lots of references and docs talking about Spring, such as: !topic/camunda-bpm-dev/vXMiz2wRStk and !topic/camunda-bpm-users/GWpGRO4QcKU)