Managing Users
The Platform allows granting users specific permissions over the application elements. For more details, please refer to Section Setting Permissions.
Users are managed through Keycloak, which provides administrators with a centralized management interface.
Among other features, it allows LDAP, OIDC and SAML2 integration as well as single sign on and social networks authentication.
Keycloak mainly relies on the following concepts:
-
Roles, which represent types or categories of users.
The Platform allows the definition of permissions for specific roles. It is highly recommended to assign access and permissions to roles rather than to users. Roles are the core concept in the security design. There can be 'functional' and 'technical' roles. For example, a user with the role "Planner" could be allowed to create a new plan, while a user without this role would not. For more details, please refer to Section Managing User Roles.
-
Groups, which represent logical aggregations of users.
Groups will often mimic your internal organization. Groups provide ways to manage users: roles can be associated with groups then users added to this group will automatically inherit group roles. Groups are a Keycloak concept, which does not surface in the Application. For more details, please refer to Section Managing User Groups.
-
Users, which are represent the entities that can log into the application.
They are the stakeholders of the system. They are used to defining a fine-grained security. A user can represent an end user or a component of the system. For more details, please refer to Section Managing User Accounts.
Note that:
-
The Keycloak interface is only available if the application is running. For more details, please refer to Chapter Building and Running the Application.
-
This Chapter focuses on Keycloak embedded user database configuration. Note that Keycloak comes with multiple documentation topics (installation, administration, customization, etc.). However, Platform developers should focus on the Server administration documentation for configuration information. For more details, please refer to the official Keycloak Documentation.