We have recently been on a mission to bring more coherence to Camunda products by developing a common identity and access management solution. Our new product, called Camunda Account, offers Single Sign-On and Single Sign-Out while laying the foundation for common user and role management across Camunda products and for LDAP support.
The planning and development of Camunda Account requires continuous communication and collaboration across different teams and stakeholders. This new objective is put into practice by our new cross-functional Shared Services team.
Our mission is to centralize services across the Camunda portfolio by harmonizing the Camunda user experience, enabling the Product teams to accelerate product-specific innovation and build new functionalities that improve the synergy among Camunda products overall.
In this article, you will learn more about the features that are part of Camunda Account today and get insight into our roadmap.
Single Sign-On and More
The main goal of the Camunda Account project is to store user credentials securely in one place for use across multiple Camunda products. To achieve this, we have implemented widely adopted specifications and best practices such as:
- OAuth 2.0, the industry standard protocol for authorization. Using this standard allows us to grant third-party applications limited access to our services. Access is obtained on behalf of a Camunda Account user.
- OpenID Connect, an identity layer on top of the OAuth 2.0 protocol. It allows third-party applications to obtain information about authenticated users.
- OWASP Top 10, a report put together by security experts at OWASP that describes security problems for web applications. It focuses on the 10 most important risks.
Besides these security-based specifications and best practices, we are also planning to perform internal and external security audits in order to minimize security risks specific to our application.
In the following sections we will introduce some features that are currently available on our Camunda Account application.
Single Sign-On allows users to log in once and use all available products without having to log in to each one separately. For the initial version of Camunda Account, we integrated with Cawemo and launched it on September 30, 2020.
A diagram of how the login flow works can be seen in the following picture:
To see for yourself how Single Sign-On through Camunda Account works, go to cawemo.com and click on Sign up for free or Login, after which you will be redirected to our Camunda Account website where you can enter your credentials. After signing up, you will be redirected back to Cawemo. You are now successfully logged in to Cawemo using Camunda Account!
The following GIF shows the Sign up and Login flow.
When we integrate Camunda Account with more products in the future, you will be able to log in once after the first redirect to Camunda Account and be automatically logged in after every following redirect.
As we can see in the first picture, besides logging in or registering using email and password, users are also able to use Social Login through Google or LinkedIn. The flow works exactly the same way regardless of whether user credentials or a social login is used.
Use of existing accounts
The fact that logging in to Cawemo now requires a login through Camunda Account does not mean that you will have to create a new account. All existing accounts registered with Cawemo have already been migrated to Camunda Account, meaning that you can keep using your existing credentials. This will also be the case with all other Camunda products that we integrate with in the coming months.
You are able to update your profile information through Camunda Account and have it automatically sync up with Cawemo and other Camunda products. If you decide to change your email or password, you only have to do it once, as Camunda Account is a central user data provider for all products.
Camunda Account will evolve as we add more and more features.
Some of the planned improvements in the near future are:
- On-premise version – the first Camunda product that we will integrate with on-premise will be Cawemo. If you are already using Cawemo on-premise, you will be able to migrate user data to the on-premise version of Camunda Account.
- LDAP integration – LDAP is an industry standard protocol for accessing directory services. It is a very useful feature for enterprise users. It will allow you to connect the on-premise version of Camunda Account with your existing LDAP server and have users authenticate themselves through it. You will be able to choose whether to store user data in a SQL database or have the data read from an LDAP server.
- Camunda Forums integration – logging in to our community forums will work the same way as logging in to Cawemo right now. You will be able to use the same account.
- Camunda Cloud integration – users of Camunda Cloud products such as Operate, Optimize and Zeebe will also be able to authenticate themselves using Camunda Account.
Alongside developing these new features, we want to continuously work on the user experience and this is where we need your help.
What do you think?
Now it is your turn. You can try out Camunda Account on Cawemo by signing up, logging in and editing your profile. Keep in mind that you can use your Cawemo credentials, if you have used Cawemo before. Afterward, head over to our Forum Thread to let us know what you think about Camunda Account. Your feedback and suggestions will be very much appreciated.