Custom identity, authentication, and authorization


My organization is considering deploying a Camunda shared process engine. We have a completely centralized authentication and RBAC system and as such, I am looking to have all identity and authorization checks call out to the RBAC system.

Without digging too hard into the code, it seems that by providing my own implementations of IdentityService and AuthorizationSerivce (and their related interfaces) as process engine plugins, I should be able to accomplish what I am trying to accomplish. Is there anything else I need to look at/be aware of?


Hi @e3b0c442,

it should be easy to write your own identity service. The authentication service could be harder. Currently, there is no API to replace the authentication service.

What kind of authorizations do you want to check?

The built-in authentication service does two things: checks if the user is authenticated to execute a command (e.g. start a process instance) and limit the query result to the resources which the user is allowed to see (e.g. list process instances).

Best regards,