Flowable Authorization

I am somewhat confused on how to integrate user id and ldap groups into a workflow.

For instance in a Human Task Assignment property I enter LDAP role, “BlairGroup”, for Candidate Group.

My application will be using a UI to call a rest service that will use the Flowable API to get user task. For instance: User with user id “tri009” needs to know what task they can claim. Assuming “tri009” is member of “BlairGroup” then they should be able to claim the task.

How is all this wired together? Some confusion is if the IDM application will be used or some how use only the Flowable Ldap api? Or both?



Ok, so after reading: https://flowable.org/docs/userguide/index.html#chapter_ldap

It looks like I can configure the LDAPConfigurator. For some reason I was thinking it was only for use with IdentityService. I will not be using IdentityService as the authentication will be done else where. I mainly want this part of the LDAP Configuration:

“Fetching the groups of a user. This is important when for example querying tasks to see which tasks a certain user can see (i.e. tasks with a candidate group).”

Am I thinking correctly?