Skip to content
Unicorn Delivery Service Unicorn Delivery Service

Group Based Authorization

Group-based authorization allows to control access to a specific application based on User Group membership. UDS Core is configured to support the following Groups (see User Groups for more details):

Keycloak GroupUDS Group NamePurpose
Admin/UDS Core/AdminDefined for Administrators
Auditor/UDS Core/AuditorDefined for regular Users

Below is an example to configure authorization based on the Admin (/UDS Core/Admin) Group:

apiVersion: uds.dev/v1alpha1
kind: Package
metadata:
  name: httpbin-other
  namespace: authservice-test-app
spec:
  sso:
    - name: Demo SSO
      clientId: uds-core-httpbin
      redirectUris:
        - "https://protected.uds.dev/login"
      enableAuthserviceSelector:
        app: httpbin
      groups:
        anyOf:
          - "/UDS Core/Admin"
Cookie Settings Privacy Policy