Users and groups are managed using permissions and roles in Keycloak. All users of the user interface must be members of the corresponding permission roles in Keycloak.
The roles are created automatically when the app is imported. Once the roles have been created, you must assign these roles to the users in the Keycloak administration.
In Keycloak, add the roles under Role Mappings > Client Roles > app-server per user or group.
For more information about managing users and groups in Keycloak, please refer to the Keycloak Administration Guide: Server Administration Guide.
Assign the following roles to users depending on their area of responsibility:
- Role eca-user: All users who are authorized to use edoc contract as recipients and users.
- Role eca-admin: All users who act as administrators.
- Role eca-contract-overview: All users who are allowed to view all contracts of your organization in the contract overview.
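To review who ends up holding these roles, directly or through a group, the following added example (not part of the edoc or Keycloak documentation) resolves the effective app-server role holders from a realm export. It assumes the realm export JSON layout (users with clientRoles and groups, groups with subGroups), uses a constructed sample, and does not resolve composite roles.

```python
import json

CLIENT = "app-server"  # client holding the roles, as named on this page
ROLES = ("eca-user", "eca-admin", "eca-contract-overview")

# Constructed sample in the assumed shape of a Keycloak realm export.
SAMPLE_EXPORT = json.loads("""{
  "groups": [{"name": "legal", "path": "/legal",
    "clientRoles": {"app-server": ["eca-user"]},
    "subGroups": [{"name": "leads", "path": "/legal/leads",
      "clientRoles": {"app-server": ["eca-contract-overview"]}, "subGroups": []}]}],
  "users": [
    {"username": "alice", "groups": ["/legal/leads"]},
    {"username": "bob", "groups": ["/legal"], "clientRoles": {"app-server": ["eca-admin"]}},
    {"username": "carol", "clientRoles": {"app-server": ["eca-contract-overview"]}},
    {"username": "dave", "clientRoles": {"account": ["view-profile"]}}]
}""")

def group_roles(groups, inherited=frozenset(), out=None):
    """Map each group path to its app-server roles, including parent-group roles."""
    out = {} if out is None else out
    for g in groups:
        roles = inherited | set(g.get("clientRoles", {}).get(CLIENT, []))
        out[g["path"]] = roles
        group_roles(g.get("subGroups", []), roles, out)  # subgroups inherit mappings
    return out

def effective_roles(export):
    """Return {username: set of eca roles} from direct and group role mappings."""
    by_group = group_roles(export.get("groups", []))
    result = {}
    for user in export.get("users", []):
        roles = set(user.get("clientRoles", {}).get(CLIENT, []))
        for path in user.get("groups", []):
            roles |= by_group.get(path, set())
        result[user["username"]] = roles & set(ROLES)
    return result

def holders(export):
    """Return {role: sorted usernames} so admin and overview access can be reviewed."""
    eff = effective_roles(export)
    return {r: sorted(u for u, roles in eff.items() if r in roles) for r in ROLES}

if __name__ == "__main__":
    for role, users in holders(SAMPLE_EXPORT).items():
        print(f"{role}: {', '.join(users) or '(none)'}")
```

Reviewing the eca-admin and eca-contract-overview lists regularly keeps administrative access and organization-wide contract visibility limited to the people who need them.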
Tip
Use Keycloak with a single sign-on provider (e.g. Kerberos or OpenID Connect) so that edoc contract users only need to log in once.
For example, you can use the OpenID Provider app from d.velop together with d.3one and d.velop documents (Cloud).