docs: Rename Orchestration Cluster Identity to Admin (8.9)#8093
docs: Rename Orchestration Cluster Identity to Admin (8.9)#8093
Conversation
| Users now require wildcard (`*`) permissions for the resource type and permission type being accessed. | ||
|
|
||
| For guidance on assigning permissions in Identity, see the [Identity authorization guide](../../components/identity/authorization.md). | ||
| For guidance on assigning permissions in Identity, see the [Identity authorization guide](../../components/admin/authorization.md). |
There was a problem hiding this comment.
Should decide if we rename here to Admin?
| | Identity component access | `Component` | `identity` or `*` (for access to all web components) | `ACCESS` | | ||
| | Authorization type | Resource type | Resource ID | Permission | | ||
| | :---------------------- | :------------ | :--------------------------------------------------- | :--------- | | ||
| | Admin component access | `Component` | `identity` or `*` (for access to all web components) | `ACCESS` | |
There was a problem hiding this comment.
do we require a different resource ID here moving forward?
| description: "Identity provides unified identity management and authorizations for an orchestration cluster." | ||
| id: admin-introduction | ||
| title: Introduction to Admin | ||
| description: "Admin is the cluster-level admin UI for managing identity and access control for an orchestration cluster." |
There was a problem hiding this comment.
Changed it to
Admin is the cluster-level admin UI for managing authentication, authorization, and administration for an orchestration cluster
But I assume a description with more details around the "administration" element would be preferable. We might need help from Product for this though.
There was a problem hiding this comment.
Updated to
Admin is the cluster-level admin UI for managing administrative jobs for an orchestration cluster.
The "About Admin" section provides more details about these jobs.
| Admin provides a unified and secure way to control access to all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs. | ||
|
|
||
| Identity includes the following features: | ||
| Admin includes the following features: |
There was a problem hiding this comment.
Can we get a list of these features? Our team does not typically work on this component and although I can start admin and see the different tabs it might be preferable for the list to come from someone with good knowledge of that component.
There was a problem hiding this comment.
@StevePascoe can you also help with this? We basically need to populate this table of feature->description with all features of the admin component.
| ## About Admin | ||
|
|
||
| Identity provides a unified and secure way to control access to all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs. | ||
| Admin provides a unified and secure way to control access to all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs. |
There was a problem hiding this comment.
Who can help write a comprehensive list of these features?
| :::info Learn more | ||
|
|
||
| - [Identity](/components/identity/identity-introduction.md) | ||
| - [Identity](/components/admin/admin-introduction.md) |
| </div> | ||
| <div className="release-announcement-content"> | ||
|
|
||
| #### Orchestration Cluster Admin renamed to Admin |
|
|
||
| #### Orchestration Cluster Admin renamed to Admin | ||
|
|
||
| Starting with Camunda 8.9, the Orchestration Cluster Admin component has been renamed to **Admin** (also referred to as Orchestration Cluster Admin). |
| </tr> | ||
| <tr> | ||
| <td>[Admin](#identity-renamed-to-admin)</td> | ||
| <td><ul><li>Orchestration Cluster Admin has been renamed to Admin.</li></ul></td> |
|
|
||
| ## Identity renamed to Admin | ||
|
|
||
| ### Orchestration Cluster Admin renamed to Admin |
|
|
||
| ### Orchestration Cluster Admin renamed to Admin | ||
|
|
||
| Starting with Camunda 8.9, the Orchestration Cluster Admin component has been renamed to **Admin** (Orchestration Cluster Admin). |
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
from
19d4969 to
af12d48
Compare
|
👋 🤖 🤔 Hello, @georgios-goulos! Did you make your changes in all the right places? These files were changed only in docs/. You might want to duplicate these changes in versioned_docs/version-8.8/.
You may have done this intentionally, but we wanted to point it out in case you didn't. You can read more about the versioning within our docs in our documentation guidelines. |
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
3 times, most recently
from
4256c03 to
9bb9684
Compare
| Admin provides a unified and secure way to control access and administer all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs. | ||
|
|
||
| Identity provides a unified and secure way to control access to all Orchestration Cluster components, including Zeebe, Operate, Tasklist, and APIs. | ||
| <!-- TODO: Document additional Admin features beyond identity management when available --> |
There was a problem hiding this comment.
TODO: ADDRESS BEFORE MERGING
There was a problem hiding this comment.
Suggested description:
"The Orchestration Cluster Admin interface centralizes all key administrative jobs for a single cluster. This interface manages identity and access control for cluster components, including Zeebe, Operate, Tasklist, and APIs, while also handling other core features such as cluster variables, secrets, backups and restores, the global user task listener, and license information, giving administrators one clear place to configure and operate their clusters end to end."
|
|
||
| :::note | ||
| Management Identity is separate from the [Identity component within the Orchestration Cluster](/self-managed/components/orchestration-cluster/identity/overview.md), which handles authentication for Zeebe, Operate, Tasklist, and Orchestration Cluster API. | ||
| Management Identity is separate from the [Admin component within the Orchestration Cluster](/self-managed/components/orchestration-cluster/admin/overview.md), which handles authentication for Zeebe, Operate, Tasklist, and Orchestration Cluster API. |
There was a problem hiding this comment.
Given the renaming, Management Identity cannot be confused with OC Admin so I don't think this line adds much value anymore and should be removed.
There was a problem hiding this comment.
I agree that the naming is no longer confusing but we should call out that there are two identity stacks to deal with, one in Management Identity and one in OC Admin.
Maybe we combine the first paragraph with the note:
"Management Identity controls who can sign in to Console, Modeler and Optimize which is separate from the cluster identity stack, provided by the Admin component, which controls access to Zeebe, Operate, Tasklist, and the Orchestration Cluster API within each cluster."
| id: identity-as-code | ||
| title: Identity as Code | ||
| description: Configure Identity as Code for a Camunda 8 Self-Managed Orchestration Cluster. | ||
| id: admin-as-code |
There was a problem hiding this comment.
Pending discussion, see https://camunda.slack.com/archives/C0A40PPLWUV/p1772638230135409?thread_ts=1772205730.772239&cid=C0A40PPLWUV.
Do not merge as is
There was a problem hiding this comment.
Suggested title:
"Provisioning clusters via code"
There was a problem hiding this comment.
@StevePascoe I would say that "provisioning clusters" is too vague and could be covering a lot of functionality that is not actually supported. This page seems to be mostly referring to the identity-related entities (users, groups, authorizations, roles, tenants, mapping rules) and anything more high-level or abstract could be considered misleading.
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
from
9bb9684 to
4684fd5
Compare
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
2 times, most recently
from
67466d1 to
c7546af
Compare
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
2 times, most recently
from
690af56 to
4e7c7a7
Compare
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
from
4e7c7a7 to
7a9be3b
Compare
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
from
7a9be3b to
46606ad
Compare
| 6. Open the Orchestration Cluster Identity in your browser at `http://localhost:8080/identity` and log in with the user `admin` (defined in `identity.firstUser` of the values file). | ||
| 7. In the Identity navigation menu, select **Roles**. | ||
| 8. Either select an existing role (for example, **Admin**) or [create a new role](/components/identity/role.md) with the appropriate permissions for your use case. | ||
| 6. Open the Orchestration Cluster Admin in your browser at `http://localhost:8080/admin` and log in with the user `admin` (defined in `identity.firstUser` of the values file). |
There was a problem hiding this comment.
In cases like this we point out the use of identity.firstUser. There was no work scoped out to make changes around this. If there is a strong need for this it should be highlighted during a review of this PR.
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
from
5137f70 to
debbc3d
Compare
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
from
debbc3d to
251d24c
Compare
…ate cross-references Co-authored-by: lev-safro <247139055+lev-safro@users.noreply.github.com>
Co-authored-by: lev-safro <247139055+lev-safro@users.noreply.github.com>
- Update glossary: rename Identity to Admin with migration note - Fix broken links: identity-introduction.md → admin-introduction.md - Update terminology in admin docs: Identity → Admin - Rename identity-as-code.md to admin-as-code.md and update content - Update Spring profile references: identity → admin in dual-region-ops.md - Add bring-your-groups.md to sidebar - Fix 8.9 release notes: correct confusing text and add profile/API/Helm deprecation info - Add profile transition note to Admin overview - Update connect-external-identity-provider.md: Identity → Admin references
georgios-goulos
force-pushed
the
copilot/update-identity-to-oc-admin
branch
from
251d24c to
c5eed65
Compare
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| This section describes authorization for domain resources (such as process and decision definitions), not access to UI components or APIs. Users need additional permissions to access specific resources within web components: | ||
|
|
||
| - Process-related: Resource type `Process Definition` | ||
|
|
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
| For example, assume a user belongs to `Tenant A` but not `Tenant B`: | ||
|
|
||
| 1. **Deploying a process model** | ||
|
|
There was a problem hiding this comment.
[prettier] reported by reviewdog 🐶
|
The preview environment relating to the commit 76fd23a has successfully been deployed. You can access it at https://preview.docs.camunda.cloud/pr-8093/ |
Renames the Orchestration Cluster Identity component to Admin (Orchestration Cluster Admin) across all 8.9 documentation, per the product rename for Camunda 8.9.
Language strategy: "Admin" replaces "Identity" when referring to the component/UI. "Identity" terminology is preserved for concepts (roles, authorizations, tenants, mapping rules). "Management Identity" is unchanged.
Structural changes
docs/components/identity/→docs/components/admin/identity-introduction.md→admin-introduction.md(newid: admin-introduction, updated title/description)docs/self-managed/components/orchestration-cluster/identity/→docs/self-managed/components/orchestration-cluster/admin/sidebars.js: updated labels ("Identity" → "Admin") and all path referencesContent updates
Key pages updated to reference Orchestration Cluster Admin:
reference-architecture/kubernetes.md,manual.md,reference-architecture.md— "Admin vs Management Identity" tableconcepts/multi-region/dual-region.mddeployment/helm/(index, configure-multi-tenancy, basic-authentication, eks-helm, aks-helm, redhat-openshift)quickstart/developer-quickstart/docker-compose.mdcomponents/connectors/connectors-configuration.mdcomponents/orchestration-cluster/zeebe/security/client-authorization.mdcomponents/orchestration-cluster/overview.md,console/manage-clusters/settings.mdauthorizations.md,mapping-rules.md,access-control-overview.md,multi-tenancy.mdAnnouncements
890-announcements.mdwhats-new-in-89.mdPR Checklist
The commit history of this PR is cleaned up, using
{type}(scope): {description}commit message(s)My changes are for an upcoming minor release and are in the
/docsdirectory (version 8.9).My changes are for an already released minor and are in a
/versioned_docsdirectory.I included my new page in the sidebar file(s).
I added a DRI, team, or delegate as a reviewer for technical accuracy and grammar/style:
@camunda/tech-writersunless working with an embedded writer.When should this change go live?
bugorsupportlabel)available & undocumentedlabel)holdlabel)low priolabel)Original prompt
💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.