# Operaton

## Configuring Operaton webapps

By default, Valtimo includes the Operaton webapps, including the [Cockpit](https://docs.operaton.org/docs/documentation/webapps/cockpit/). They are accessible under the path `/operaton/app/` on the domain where Valtimo is hosted, e.g. `http://example.valtimo.com/operaton/app/`.

### Configuring an admin user

The Operaton webapps use the default Operaton authentication mechanism. This means they cannot be accessed by Keycloak users. Credentials can be configured in the default way Operaton provides when using Spring.

To create an admin user, set the following application configuration:

```yaml
operaton.bpm.admin-user:
    id: admin # or another username of choice 
    password: # enter a newly generated password here
```

Note: The id (username) is unique. To change the password, use the Operaton web interface: Dashboard => Users => Account.

See the [Operaton documentation](https://docs.operaton.org/docs/documentation/user-guide/spring-boot-integration/configuration#operaton-engine-properties) for more configuration properties.

### Additional security

The Operaton webapps are available under a separate path (`/operaton/*`) from the other Valtimo APIs (`/api/*`). Since the Operaton webapps are a tool used to manage internals, it may be advisable to control access to this path at the infrastructure level.

To remove the Operaton webapps from Valtimo altogether, exclude the `org.operaton.bpm.springboot:operaton-bpm-spring-boot-starter-webapp:7.14.0` dependency. This is a dependency in the Valtimo `core` module.

### IP whitelist

Access to the Operaton webapps is restricted by an IP whitelist. Only requests originating from whitelisted IP addresses are permitted. Requests from other IP addresses will receive a `403 Forbidden` response.

The whitelist is configured via the `valtimo.security.whitelist.hosts` application property:

```yaml
valtimo:
  security:
    whitelist:
      hosts:
        - localhost
```

Each entry can be a hostname (e.g. `localhost`) or a range in CIDR notation (e.g. `10.0.0.0/8`). Hostnames are resolved to IP addresses at startup. If `valtimo.security.whitelist.hosts` is not configured, is empty, or contains only entries that cannot be resolved, access to the Operaton webapps is denied (requests receive `403 Forbidden`).
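The following added example (not Valtimo's own code) models the whitelist behaviour described above so that a list of entries can be checked before deployment. The function names, the injectable `resolver`, and the warning for a `/0` range are assumptions made for this illustration.

```python
import ipaddress
import socket

def resolve_host(name):
    """Default resolver: the set of IP strings a hostname resolves to."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    # Drop any IPv6 scope id ("fe80::1%eth0") before parsing.
    return {info[4][0].split("%")[0] for info in infos}

def build_whitelist(hosts, resolver=resolve_host):
    """Expand configured entries into networks once, as at startup.

    Returns (networks, warnings). Hostnames are resolved here and not
    again, mirroring the resolve-at-startup behaviour on this page.
    """
    networks, warnings = [], []
    for entry in hosts or []:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Not an IP or CIDR range, so treat the entry as a hostname.
            addrs = resolver(entry)
            if not addrs:
                warnings.append(f"{entry}: cannot be resolved, entry ignored")
            networks.extend(ipaddress.ip_network(a) for a in addrs)
            continue
        if net.prefixlen == 0:
            # Added lint: a /0 range defeats the purpose of the whitelist.
            warnings.append(f"{entry}: matches every address")
        networks.append(net)
    return networks, warnings

def is_allowed(client_ip, networks):
    """Deny by default: an empty whitelist admits nobody (403)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    # Constructed sample: entries and resolver results are made up.
    fake_dns = {"localhost": {"127.0.0.1", "::1"}}
    nets, warns = build_whitelist(
        ["localhost", "10.0.0.0/8", "bastion.invalid"],
        resolver=lambda h: fake_dns.get(h, set()))
    for ip in ("127.0.0.1", "10.20.30.40", "192.168.1.5"):
        print(ip, "200" if is_allowed(ip, nets) else "403 Forbidden")
    print(warns)
```
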

