About Authentication and Authorization in Cadenza
While the administration of permissions and Cadenza user groups as well as the assignment of permissions to the groups takes place entirely within Cadenza, the users themselves are managed outside of Cadenza. They are assigned to Cadenza groups based on configured rules directly after logging in to Cadenza.
User Management
Cadenza users are managed outside of Cadenza. In practice, a system such as LDAP or Keycloak is used (e.g. Microsoft Active Directory).
It is also possible to configure individual users with their access data in an XML file for test or demo purposes.
Login, Step 1: Authentication
Users can log in to Cadenza by explicitly entering their access data. Alternatively, an SSO service can be used so that the access data does not have to be entered interactively.
One or more authentication systems can be configured; this documentation explains how.
Login, Step 2: Assignment of Users to the Existing Cadenza User Groups
There are different types of authorizations in Cadenza, which are often not assigned to individual users, but to entire user groups. These Cadenza user groups and their possible inheritance relationships are managed within Cadenza.
After authentication, the users must be assigned to the Cadenza user groups. The corresponding rules are defined by configuration. An existing division of users into groups in the LDAP or SSO system can be taken into account.
Login, Step 3: Transferring Certain User Properties to Cadenza
User properties such as real name or email address, which are stored in the user management system, can be transferred to Cadenza during login so that they can be accessed there via user variables.
Which properties are transferred is determined by configuration.
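The following sketch walks through steps 2 and 3 for a user who has already been authenticated. It is an added example, not Cadenza code or Cadenza configuration syntax. The rule format, the group names, the direction of inheritance and the attribute names are all assumptions made for illustration.

```python
# Added illustration. Rule format, group names and attribute names are
# hypothetical and are NOT Cadenza's configuration syntax.

# Step 2 rules: external (LDAP/SSO) group -> Cadenza user group (constructed values).
GROUP_RULES = {
    "cn=gis-admins,ou=groups,dc=example,dc=org": "Administrators",
    "cn=gis-editors,ou=groups,dc=example,dc=org": "Editors",
}
# Assumed inheritance: a group also receives what its parent groups are granted.
GROUP_PARENTS = {"Administrators": ["Editors"], "Editors": ["Viewers"]}
# Step 3 allowlist: directory attribute -> user variable name.
TRANSFERRED_PROPERTIES = {"displayName": "realName", "mail": "email"}


def assign_groups(external_groups):
    """Map external groups to Cadenza groups and expand inheritance."""
    wanted = {g.strip().lower() for g in external_groups}
    pending = [cg for ext, cg in GROUP_RULES.items() if ext in wanted]
    effective = set()
    while pending:
        group = pending.pop()
        if group not in effective:  # also guards against inheritance cycles
            effective.add(group)
            pending.extend(GROUP_PARENTS.get(group, []))
    return effective


def transfer_properties(attributes):
    """Copy only allowlisted attributes; everything else stays in the directory."""
    return {var: attributes[src]
            for src, var in TRANSFERRED_PROPERTIES.items() if src in attributes}


def build_session(identity):
    """Run steps 2 and 3 for an identity that step 1 already authenticated."""
    return {
        "user": identity["uid"],
        "groups": sorted(assign_groups(identity.get("groups", []))),
        "variables": transfer_properties(identity),
    }


# Constructed sample identities, as an LDAP or SSO system might return them.
ADMIN = {"uid": "jdoe", "displayName": "Jane Doe", "mail": "jdoe@example.org",
         "userPassword": "{SSHA}constructed",
         "groups": ["CN=GIS-Admins,OU=Groups,DC=example,DC=org"]}
UNMAPPED = {"uid": "guest", "groups": ["cn=interns,ou=groups,dc=example,dc=org"]}

if __name__ == "__main__":
    print(build_session(ADMIN))     # groups via rule plus inheritance
    print(build_session(UNMAPPED))  # no matching rule: no groups, no variables
```

A user whose external groups match no rule ends up in no group, so a mistake in the rules results in missing access rather than unintended access.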