edoc platform Administration Guide

Authenticate and authorize users and groups with Keycloak

Authentication and authorization of users and groups in edoc platform are controlled centrally by Keycloak. Keycloak is open source software for central identity and access management, with the option of single sign-on (SSO) login.

Keycloak is provided as a container when edoc platform is installed and can be connected to various external authentication systems, e.g. LDAP or OpenID Connect, or operated as a stand-alone identity and access management system.

Communication with edoc agent takes place through the edoc_agent user. This user plays a core role in the interaction between Keycloak and edoc platform.

Permissions are managed through defined roles. The admin role has a special position in the role concept: it has extended rights and access privileges that go beyond those of regular users.

The services are accessed via the /auth endpoint, which serves as the central access point for users.