Administrators use Admin to manage your users, organize them in groups and grant permissions. Camunda decouples the identification of users from their authorization to execute certain actions.
For identification, you can either use the user management that ships with Camunda, or your already existing user management system that you can integrate with Camunda via LDAP. Once a user has identified themselves (e.g. submitted the login screen in a Camunda web application), Camunda will authorize them based on the permissions defined in Camunda Admin.
The permissions that you define in Camunda Admin will be considered at all levels, i.e. when calling the core engine API, the REST API and when using a Camunda web application.
This section highlights a few features of Admin.
The Users menu allows you to add, edit and delete user profiles. Furthermore, you can manage group membership and change passwords. A user profile can contain first and last name and the email address.
Organizing users in groups makes sense, if you want to manage permissions based on groups or if you want to assign user tasks (BPMN) or human tasks (CMMN) to groups instead of dedicated users.
You authorize users by granting or denying permissions. Those can be very fine-grained. For example, you can configure that only users of the group 'marketing' can work on marketing processes.