I have been assigned with a task to remove Identity component from Camunda-8 self hosted deployment without disabling the authentication and authorization flow. I am looking to integrate enterprise Okta with Camunda-8 completely replacing Identity Component (No FOSS).
Hi @hamid, welcome to the forums! You can replace Keycloak with your own OIDC provider; however, Identity is the component that allows for OIDC integrations, so it cannot be fully replaced in Camunda 8 Self-Managed.
Thanks @nathan.loding for your quick reply.
Here with reference to this article, How Open is Camunda Platform 8? | Camunda I could learn that Identity component is only free for non-production use. So, if I am looking to have authentication and authorization facility in my setup, hence does it need to write another solution entirely from scratch that provides similar features as Identity component ?
please help me if my understanding correct on it ?
@hamid - the licensing depends on what version of Camunda you are using. In short, starting with version 8.6, you need a license for production use; Zeebe, and only Zeebe, is free to use in production <= 8.5. (See blog links below for more information.)
For people using just Zeebe in production, the recommendation is often to disable authentication within Zeebe and manage it yourself using network security (firewalls) and your own application. Requests would hit an application you control that proxies/forwards the request to Zeebe; your network would be configured to only allow your internal services access to Zeebe while blocking all other requests.
Thanks @nathan.loding for your support.