Logging in

There are various ways to authenticate with Kadi4Mat. Each instance may have one or more authentication providers registered, which are briefly described below.

Shibboleth allows logging in using an existing account of a user's home institution. Each institution needs to be enabled separately in Kadi4Mat. Note that some institution's identity providers may not release all required user attributes to Kadi4Mat by default. In this case, the administrator of the Shibboleth identity provider needs to be contacted.
LDAP also allows logging in using existing user accounts residing in a specific LDAP installation, e.g. in an Active Directory. This method of authentication is not necessarily tied to any specific institution.
Local credentials
This method of authentication uses separate accounts local to this application. Depending on the configuration of a Kadi4Mat instance, registration may or may not be enabled.

After logging in, the top left navigation allows access to Records, Collections, Groups, Templates and Users. Each navigation item leads to the respective main page of each resource, where existing resources can be searched and, if applicable, new resources can be created. Details about the resources are described in the following sections.

The top right navigation also provides quick access to create new resources or search for existing ones. Furthermore, the dropdown menu on the far right can be used to access the user profile, created resources as well as the Settings.


Records are the basic components of Kadi4Mat, as they contain data and connect it with metadata. The data of a record can either consist of a single file or of multiple files (e.g. a series of multiple images) all sharing the same metadata. Records can also be grouped into collections or linked to other records, as described later.

Creating a new record

Creating a new record first requires entering its metadata. This includes basic information, such as title, (unique) identifier and description. Additional, arbitrary, extra metadata can also be specified, specific for each different kind of record. This generic metadata consists of key-value pairs, where each entry has at least a unique key, a type and a corresponding value with optional validation instructions. It is also possible to create templates for the generic metadata, as described in Templates. The following types can be used for this metadata:

A single text value.
A single integer value. Integer values can optionally have a unit further describing them.
A single floating point value. Float values can optionally have a unit further describing them.
A single boolean value which can either be true or false.
A date and time value which can be selected from a date picker.
A nested value which can be used to combine multiple metadata entries under a single key.
A nested value which is similar to dictionaries with the difference that none of the values in a list have a key.

Aside from the metadata, it is possible to set the visibility of a record to either private or public, the latter giving every logged in user the ability to search for the record and view its contents without requiring explicit permission to do so. Finally, a record can be linked to one or more collections while creating it, which of course may also be done later on instead.

Once the metadata of a record has been created, the actual data of the record can be added in a separate view, which the application will redirect to automatically. This view is just one part of the record menu, the next section describes the purpose of the others.

Managing existing records

Aside from managing the files of a record there are also some other views, each of which can be accessed through the respective item in the navigation menu of a record. The menu items are briefly described below:


This view gives an overview of the whole record, divided into different tabs, including all of its metadata and files, linked resources, access permissions and metadata revisions. On the main overview tab it is also possible to export, publish or copy a record. Publishing records is only available if at least one publication provider has been registered with the application.

Each file of a record also has another navigation menu similar to that of a record, accessed by clicking on the respective file. This menu provides the following two views:
Shows an overview about the file and its metadata. Additionally, some file types also include a basic preview functionality.
Edit file
Allows editing the basic metadata of a file or deleting it.
Update data
Allows editing the actual data of a file. Some file types may offer direct editing of the data, otherwise the regular upload functionality can be used.
Add files
This view allows adding one or more files to a record, usually by uploading them. Certain types of files may also be created directly via the web interface.
Edit record
This view allows editing the metadata of a record, which is mostly identical to creating a record. The main difference is that it is also possible to delete the record.
Manage links
In this view, a record can be linked to other records or collections using the respective tab. Collections are simple, logical groupings of multiple records, while links to another record can also contain additional metadata. Currently, this includes the name/type of the link and a timestamp, the latter being set automatically. Linking resources requires link permission in both resources that should be linked together. Note that users still won't be able to view any linked resources if they have no explicit permission to do so.
Manage permissions
This view allows explicitly setting access permissions for a record to individual users or groups of users. Currently, this works by using predefined roles. Details about the specific actions each role provides can be found using the Role permissions popover in this view. Note that group roles are always shown to users being able to manage permissions, even if the group would normally not be visible. This way, existing group roles can always be changed and/or removed, even if a user is not part of the group any more. Such group roles only contain very limited information about the group itself.
Searching existing records

When searching existing records, it is also possible to search for their generic metadata by using the Search extras toggle of the search form in the record navigation menu. It is possible to search for keys, types and different kinds of values based on the selected types. Multiple such queries can be combined with an AND or an OR operation in the form of (Q1 AND Q2) OR (Q3 AND Q4). Exact matches for keys and string values can be required by using double quotes, e.g. "key". Note that keys inside of nested metadata entries are indexed in the form of <parent_key>.<parent_key>.<key>. In case of list entries, keys are replaced by the corresponding index in the list instead, starting at 1.


Collections represent simple, logical groupings of multiple records.

Creating a new collection

Creating a new collection is very similar to creating a new record, except that only some basic metadata is necessary. Similarly, no files can be uploaded. Instead, the application will redirect to the overview of the newly created collection right away.

Managing existing collections

Similar to records, collections have their own navigation menu, offering different views for editing metadata, linking resources, managing access permissions and viewing revisions. As most of the menu items are very similar to those of records, please refer to managing existing records for more information.

Manage links
Besides linking collections to records, collections can also be linked to other collections. This functionality can be used to create simple hierarchies of parent and child collections in order to improve the structuring of multiple resources, e.g. by representing projects and corresponding subprojects. Note that each collection may only have one parent.
Manage permissions
Besides managing the permissions of collections themselves, it is also possible to manage the roles of users and groups of all linked records in a collection in the corresponding tab. Specifically, this applies to all linked records where one can manage permissions. When selecting an empty role, the existing roles of all selected users and groups are removed instead.


Groups can be used to group several users together, allowing for easier access management.

Creating a new group

Creating a new group is again very similar to creating other resources. Aside from basic metadata, a group picture can also be uploaded, which will be shown on the group overview as well as on search result pages.

Managing existing groups

The management of existing groups is similar to other resources as well. The main difference is that instead of having a view for managing access permissions, there is a view for managing the members of a group:

Manage members

Managing the members of a group is comparable to managing the access permissions of records or collections, as group membership is linked to the access permissions of a group. Specifically, as long as a user has any role in a group, they are a member of this group as well, while of course also having the respective permissions their role provides.

Additionally, it is possible to automate the assignment of roles within a group by specifying rules with different conditions in the corresponding tab. Each rule is applied when a new user registers, but it can also be applied retroactively to all existing users.


Templates enable the creation of blueprints for resources. There are different types of templates, which define the actual content that a template can contain. The following types of templates currently exist:

Record templates can contain all of the metadata that can be specified for a record, including its generic extra metadata, and can be selected when creating a new record.
Extras templates are focused on the generic extra metadata of a record. Extras templates can be selected and combined wherever such metadata can be specified, including when creating other templates.
Creating a new template

Creating a new template is very similar to creating other kinds of resources. Each template requires at least setting a title and identifier for the template itself, while the actual template data depends on the type of template.

Managing existing templates

Similar to other resources, templates have their own navigation menu, offering the ability to edit existing templates or to share them with other users or groups. As with the other resources, the menu for the former also allows deleting templates. Note that compared to other resources, templates will currently be deleted directly and are not moved to the trash first.


In this view all registered users of the current Kadi4Mat instance can be viewed. A click on a user leads to their profile page, similar to one's own profile. Besides viewing the resources a user created, it is also possible to view all resources that were (explicitely) shared with a user, either directly or via groups.


The settings allow managing everything not directly related to the actual creation and management of resources. Similar to managing resources, there are multiple menu items to navigate to different views:

In this view it is possible to change basic user information, which is displayed on a user's profile. Note that some options might be disabled, depending on the type of the user account.
In this menu, users can change their password. Depending on the type of user account this menu item may be hidden.
Access tokens
Creating a personal access token (PAT) gives access to the HTTP API that Kadi4Mat provides. This API makes it possible to programmatically interact with most of the resources that can be managed via the graphical user interface of Kadi4Mat by sending suitable HTTP requests to the different endpoints the API provides. Detailed information about the API can be found in Kadi4Mat's documentation.
Connected services
In this menu, users can manage their connections with different third party services. Each service has to be registered as a plugin in the application and can be used for different tasks, e.g. publishing records.
This is where deleted resources can be found, namely deleted records, collections or groups. Resources can either be restored or deleted completely. The latter will happen automatically after 1 week. Note that only the creator of a resource can restore or completely delete them.