Identity data model
The identity data model shows how Users and Organizations are implemented in Keycloak and OpenShift. Please see Data model for the full abstract data model.
Each APPUiO Cloud user is represented by a user object in Keycloak.
Each APPUiO Cloud organization is represented by a group object in Keycloak.
Each team of an APPUiO Cloud organization is implemented as a group object in Keycloak. A group object set below an organization group object in the group hierarchy becomes a team.
APPUiO Cloud users are represented as a pair of User and Identity objects in each OpenShift cluster (APPUiO Zone).
These objects are created when a user first logs in on an OpenShift cluster.
The user’s Keycloak property Username is used to name the User object in each OpenShift cluster.
APPUiO Cloud organizations and their teams are represented as Group objects in each OpenShift cluster.
Groups are synchronized from Keycloak to all OpenShift clusters at regular intervals.
The organization CyberIgnite with team NobleGoldfish has two
The group synchronization is implemented with the RedHat Communities of Practice group-sync-operator.
So that Groups and their Users can’t be overridden by external actors, the separator between organization and team, +, is forbidden in group names.
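The naming rule above, as an added illustration that is not the group-sync-operator's own code: it assumes a team group is named organization, the + separator, then team, and shows why a Keycloak group whose own name contains + must be rejected before synchronization (a group named like an existing team group would otherwise overwrite its member list).

```python
"""Map a Keycloak group hierarchy to the OpenShift Group names a sync would produce.

Constructed illustration: an organization group becomes a Group of the same
name, a team below it becomes ``organization+team``. Because ``+`` is the
separator, a Keycloak group whose own name contains ``+`` could collide with a
synced team group, so such names are rejected before anything is written.
"""
from dataclasses import dataclass, field

SEPARATOR = "+"  # separator between organization and team in OpenShift group names


@dataclass
class KeycloakGroup:
    """Minimal stand-in for a Keycloak group (hypothetical, not the Keycloak API)."""
    name: str
    members: list[str] = field(default_factory=list)
    subgroups: list["KeycloakGroup"] = field(default_factory=list)


class ForbiddenGroupName(ValueError):
    """Raised for a Keycloak group name that contains the separator or collides."""


def name_is_allowed(name: str) -> bool:
    """A group name may not contain the separator."""
    return SEPARATOR not in name


def openshift_groups(organizations: list[KeycloakGroup]) -> dict[str, list[str]]:
    """Return {openshift_group_name: sorted members} for organizations and their teams."""
    result: dict[str, list[str]] = {}
    for org in organizations:
        if not name_is_allowed(org.name):
            raise ForbiddenGroupName(f"{org.name!r}: {SEPARATOR!r} is forbidden in group names")
        if org.name in result:
            raise ForbiddenGroupName(f"duplicate OpenShift group {org.name!r}")
        result[org.name] = sorted(org.members)
        for team in org.subgroups:  # one level below an organization: a team
            if not name_is_allowed(team.name):
                raise ForbiddenGroupName(f"{team.name!r}: {SEPARATOR!r} is forbidden in group names")
            team_group = f"{org.name}{SEPARATOR}{team.name}"
            if team_group in result:
                raise ForbiddenGroupName(f"duplicate OpenShift group {team_group!r}")
            result[team_group] = sorted(team.members)
    return result


# Constructed sample: the organization CyberIgnite with the team NobleGoldfish.
SAMPLE = [KeycloakGroup("CyberIgnite", ["alice", "bob"], [KeycloakGroup("NobleGoldfish", ["alice"])])]
```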
Organization memberships are represented in each APPUiO Zone by adding the user’s User object name to the organization’s