Is Camunda 8 SaaS Professional + custom Tasklist UI a supported use case?

Short version of my question: with Camunda 8 SaaS Professional, is human task orchestration with a self-hosted Tasklist UI a supported use case at present?

Long version:

In Camunda 7 we have a JSON process variable containing a list of items, and some simple custom JavaScript that renders the list. We did this with Camunda 7 embedded forms: cam-script, etc. In Camunda 8, the Tasklist UI does not have an embedded forms equivalent. So to get similar functionality, we need to roll our own UI implementation.

The Tasklist API is authenticated via machine-to-machine OAuth. Therefore we have to wrap the Tasklist API in an API we control, where we can insert our client ID and secret. We followed the example here: GitHub - camunda-community-hub/camunda-cloud-tasklist-api-nestjs

Now we’re looking at adding users and groups into the mix, and the path forwards is unclear.

The “Task User” role - as seen in the Console and listed on the new pricing page - grants “Full access to Tasklist and read-only access to clusters”, but seems to be relevant only when using the SaaS Tasklist app with its limited forms.

Without Identity, I can’t see any mechanism for adding groups, or users to groups.

I found a hint of a way forward on a Camunda blog post:

When using Camunda Platform 8 – SaaS, you can choose from a range of integration possibilities, including SAML and OpenIDConnect. Please reach out to us via our support channel if you would like us to set up SSO for your organization.

I will reach out via that support channel. But the fact that this option isn’t more prevalent in the docs, plus the machine-to-machine Tasklist API OAuth, plus the lack of support for groups in the Console makes me think that Camunda 8 SaaS plus a custom Tasklist UI is not a supported use case, for now at least. Am I reading that right?

1 Like

Hello @danjacka ,

yes it is! I have a solution at hand.
Regarding the identity and authentication problem:

I have separated authentication of the user at tasklist from the authentication of the tasklist app at Camunda Tasklist in SaaS using a custom backend which redirects GraphQL requests and responses and is able to modify them on the fly. I add headers for the request and enhance/filter/replace data in the response.

Here is an example: camunda-8-code-examples/camunda-8-process-application at main · camunda-consulting/camunda-8-code-examples · GitHub

I hope this helps


1 Like