Hi Team,
We are utilizing Camunda in a multi-tenant model for our SaaS product. Our current authentication setup leverages Keycloak, where each customer is assigned a separate realm. This setup works well with our product, allowing each customer to use their own SSO via Keycloak.
However, we face a unique challenge when extending this to Camunda’s Operate and Optimize tools. We aim to have a single URL for these tools, where customers can log in and access their specific data. The primary issue is enabling customers to use their SSO with our SaaS product, configured in their respective Keycloak realms.
Current Setup:
- SaaS Product: Multi-tenant model using Keycloak for authentication.
- Keycloak: Each customer has a dedicated realm.
- Camunda: Deployed in a multi-tenant setup, but needs to integrate with the customer’s SSO.
Challenge:
- Providing a single URL for Operate and Optimize that allows customers to log in with their respective Keycloak SSO.
- Ensuring seamless SSO integration for each customer without manual realm switching.
Seeking Advice:
- How can we effectively implement this architecture?
- Are there any best practices or recommended configurations for integrating Camunda Operate and Optimize in a multi-tenant environment with Keycloak?
- Any suggestions on improving the user experience while maintaining security and isolation for each tenant?