GDPR Compliant Workflow Engine

Imixs-Workflow provides a unique security model that protects your business data at the process level – fully compliant with GDPR.

Security by Design – Not by Code

Business data in workflows is sensitive. A vacation request should only be visible to HR and the employee, and a contract negotiation only to the responsible team. Sensitive business data must only be accessible to the right people at the right time. Imixs-Workflow solves this by defining security rules directly in the BPMN process model – transparent, auditable and adaptable at any time without touching a single line of code. Security becomes part of the process itself – visible, documentable and controllable by business users, not just developers.

Fine-Grained Access Control per Process Instance

Imixs-Workflow assigns an individual Access Control List (ACL) to every single process instance. You can define Owner, Read and Write access separately for each task in your BPMN model. This means access rights change automatically as the process moves forward. A document that is writable for the initiator in the first step becomes read-only for them once it moves to the approval stage – all controlled by the model, not by code.

BPMN-Driven Security – Transparent and Auditable

Security rules in Imixs-Workflow are not hidden in application code or configuration files. They are defined directly in the BPMN model using the Imixs-BPMN Tool – visible to every stakeholder, from the developer to the business analyst to the auditor. This makes compliance audits straightforward. Your BPMN model is not only the executable process – it is also the living documentation of your security policy. Any change to access rules is immediately visible in the model and takes effect without redeployment. This approach is particularly valuable for GDPR compliance – every access rule is documented, traceable and adjustable by business users at any time.

OpenID Connect Integration

Imixs-Workflow supports modern enterprise authentication through the Imixs-Security OIDC module – a powerful open source library for Jakarta EE 10 applications. The module provides a unified security architecture that handles both browser-based login and Bearer Token authentication for REST APIs in a single configuration. It works with any standard OIDC provider – Keycloak, Microsoft Entra ID, Auth0 or Okta – without vendor lock-in. This means your workflow application integrates seamlessly into your existing enterprise identity infrastructure while maintaining full GDPR compliance through the Imixs access control model.

