We have recently been on a mission to bring more coherence to Camunda products by developing a common identity and access management solution. Our new product, called Camunda Account, offers Single Sign-On and Single Sign-Out while laying the foundation of a common user and role management across Camunda products and LDAP support.

The planning and development of Camunda Account requires continuous communication and collaboration across different teams and stakeholders. This new objective is put into practice by our new cross-functional Shared Services team. 

Our mission is to centralize services across the Camunda portfolio by harmonizing the Camunda user experience, enabling the Product teams to accelerate product-specific innovation and build new functionalities that improve the synergy among Camunda products overall.

In this article, you will learn more about the features that are part of Camunda Account today and get insight into our roadmap.

Single Sign-On and More

The main goal of the Camunda Account project is to store user credentials securely in one place for use across multiple Camunda products. To achieve this, we have implemented widely spread specifications and best practices such as:

  • OAuth 2.0, the industry standard protocol for authorization. Using this standard allows us to grant third-party applications limited access to our services. Access is obtained on behalf of a Camunda Account user.
  • OpenID Connect, an identity layer on top of the OAuth 2.0 protocol. It allows third-party applications to obtain information about authenticated users.
  • OWASP, a report put together by security experts that describes security problems for web applications. OWASP Top 10 focuses on the 10 most important risks.

Besides these security-based specifications and best practices, we are also planning to perform internal and external security audits in order to minimize security risks specific to our application.

In the following sections we will introduce some features that are currently available on our  Camunda Account application.

Single Sign-On

This feature allows users to log in once and use all available products without having to log in to each one separately. For the initial version of Camunda Account, we integrated with Cawemo and launched it on September 30, 2020.

A diagram of how the login flow works can be seen in the following picture:

To see for yourself how Single Sign-On through Camunda Account works, you can simply go to cawemo.com, click on Sign up for free or Login after which you will be redirected to our Camunda Account website where you can enter your credentials. After signing up, you will be redirected back to Cawemo. You are now successfully logged-in to Cawemo using Camunda Account!

The following GIF shows the Sign up and Login flow.

When we integrate Camunda Account with more products in the future, you will be able to log in once after the first redirect to Camunda Account and be automatically logged-in after every following redirect.

As we can see in the first picture, besides logging in or registering using email and password, users are also able to use Social Login through Google or LinkedIn. The flow works exactly the same way regardless of whether user credentials or a social login is used.

Use of existing accounts

The fact that logging in to Cawemo now requires a login through Camunda Account does not mean that you will have to create a new account. All existing accounts registered with Cawemo have already been migrated to Camunda Account, meaning that you can keep using your existing credentials. This will also be the case with all other Camunda products that we integrate with in the coming months. 

Profile page

You are able to update your profile information through Camunda Account and have it automatically sync up with Cawemo and other Camunda products. If you decide to change your email or password, you only have to do it once, as Camunda Account is a central user data provider for all products.

What’s next?

Camunda Account will evolve as we add more and more features. 

Some of the planned improvements in the near future are:

  • On-premise version – first Camunda product that we will integrate with on-premise will be Cawemo. If you are already using Cawemo on-premise, you will be able to migrate user data to Camunda Account on-premise version.
  • LDAP integration – LDAP is an industry standard protocol for accessing directory services. It is a very useful feature for enterprise users. It will allow you to connect Camunda Account on-premise version with your existing LDAP server and have users authenticate themselves through it. You will be able to choose if you want to store user data in a SQL database, or have the data read from a LDAP server.
  • Camunda Forums integration – logging in to our community forums will work the same way as logging in to Cawemo right now. You will be able to use the same account.
  • Camunda Cloud integration – users of Camunda Cloud products such as Operate, Optimize and Zeebe will also be able to authenticate themselves using Camunda Account.

Alongside developing these new features, we want to continuously work on the user experience and this is where we need your help.

What do you think?

Now it is your turn. You can try out Camunda Account on Cawemo by signing up, logging in and editing your profile. Keep in mind that you can use your Cawemo credentials, if you have used Cawemo before. Afterward, head over to our Forum Thread to let us know what you think about Camunda Account. Your feedback and suggestions will be very much appreciated.

  • Camunda Optimize 3.3.0-alpha1 Released

    We’re excited to announce the release of Camunda Optimize 3.3.0-alpha1. Camunda Optimize provides business activity monitoring for workflows, supporting continuous process improvement by providing transparency into your automated workflows and decisions. Business-friendly reports, dashboards, and alerts make it possible to identify process bottlenecks and improve end-to-end processes. If you’d like to get started with Optimize 3.3.0-alpha1 right away, you can download the release here with your Camunda Enterprise Platform customer credentials. And if you’re not yet a Camunda customer, you can sign up here for a free 30-day trial of the Camunda Enterprise Platform, which includes Camunda Optimize. In the rest of this post, we’ll highlight some of the new capabilities introduced in Optimize 3.3.0-alpha1. Dashboard Filter and Usability Improvements...

    Read more
  • Camunda BPM Runtime 7.15.0-alpha1 Released

    We are happy to share the first alpha release of Camunda BPM 7.15 with you! This release features the following improvements: Extend OpenAPI documentation New External Task Lock API Maven Project Templates New Tasklist Features 19 Bug Fixes You can Download Camunda for free or Run it with Docker. For a complete list of all improvements, take a look at the release notes. Please also see the list of known issues.If you want to dig in deeper, you can find the source code on GitHub. Extend OpenAPI documentation We added Open API descriptions for the following REST API endpoints: Batch Decision Definition To learn more about our Open API, visit our official documentation. New External Task Lock API With the 7.15.0-alpha1,...

    Read more
  • Camunda BPM Telemetry: Community FAQ

    Camunda BPM version 7.14 includes the option to turn on Telemetry as explained in this earlier blogpost. This anonymous data will be used to help us better understand what people are really doing with the engine and will make it easier for us to highlight the community influence on future roadmaps.  When any of us stakeholders bring new potential features to the table for an upcoming release, our opinion on its own isn’t enough to shift the roadmap. Any good proposal needs to be data-driven. At the moment, a lot of the data I bring along with my proposals comes from forum posts, individual requests on JIRA, and one-on-one conversations with community members at user groups or other events. This...

    Read more