Camunda Cockpit enterprise expose to public users

Hello everyone,

I have a question regarding the camunda cockpit.

At the moment our camunda is running inside kubernetes without an ingress which means, to access it we have to do a port-forward.

Now the thing is that we need the enterprise version because of showing the history and more details. of course one way would be to develop a UI by ourselves and only allow the access to specific parts that we want.

But when a good UI as cockpit is already we could give it a try.

So my question is, can we have the cockpit accessible by specific users and also maybe make it an identity provider to keycloak for SSO?

So basically how safe is this to give it an ingress and make it accessible.

Hi @farhadnowzari,

You can restrict access to Camunda web apps by creating the proper authorization(s) which could be easily done through the admin app.

But still, it is highly recommended to also restrict access to the various Camunda-related resources (Process Definitions, Process Instances…) as per the needs.

You can give below great community extension a try to have Keycloak as an Identity Management solution

Thanks for your answer! it will help a lot in the decision.

So far it is important to restrict the user to a read only mode so they won’t be able to edit the variables, but maybe still be able to pause or resume a process!

Hi @farhadnowzari,

There are a lot of permissions that can be set. Below are the additional permissions available on the Process Definition resource (Suspend, Suspend Instance, …).