- Graphwise Platform Documentation
- Graphwise Documentation
- How to Install & Manage Graphwise Components
- Security Configuration
- Graphwise Platform Security Model
- The Graphwise Platform Security Model in a Nutshell
The Graphwise Platform Security Model in a Nutshell
15/07/2026
The Graphwise Platform Security Model ensures:
Centralized IdP (Keycloak) for all applications with a single realm per environment
Seamless SSO across the suite with shared identity and permissions
External M2M access via client credentials
Identity federation for end users
Strict audience-scoped tokens to minimize size and scope
HTTPS, token expiry, key rotation; no hard-coded secrets
A versioned Keycloak realm configuration is provided
One client per service with predefined roles
Importable into a fresh Keycloak installation
All applications authenticate via one Keycloak realm (OIDC); no local user stores in applications
Disabling a user in Keycloak revokes access to all applications
Logging into one application grants access to others (SSO); global logout invalidates the SSO session
Roles and claims are centrally defined in Keycloak; services enforce authorization from token claims; changes apply immediately
All service-to-service calls require valid Keycloak tokens (client credentials)
External IdPs (Azure AD/Entra ID, LDAP, SAML) are supported; roles are mapped in Keycloak
Tip
Refer to the original Keycloak documentation for more details.
Note
Refer to the Migration Guide for further details.