This repository has been archived by the owner on Mar 17, 2023. It is now read-only.

Identity Management (EE vs CE)

It is essential to guarantee that only the right individuals have appropriate access to your workspace and every conversation there. With Rocket.Chat, you can connect to your Active Directory application or Identity Management System through Lightweight Directory Access Protocol (LDAP), Open Authorization (OAuth), and Security Assertion Markup Language (SAML).

LDAP / AD

Leverage advanced settings such as background sync, roles mapping from groups, auto-logout, and advanced user data sync with LDAP in your workspace. Here are some differences between the community and enterprise editions when using LDAP.

Community Enterprise

Login

Login Fallback: This option allows regular password users to log in on Rocket.Chat. It will let LDAP users continue using Rocket.Chat if the LDAP server is down.

Merge with existing Rocket.Chat users: Detect if the LDAP user is already registered on Rocket.Chat and use the same user for both authentication types.

Filter what LDAP users can log in: There are two settings to manage this: Search Filter and Group Filter.

Advanced User Data Sync

Load information from the LDAP user to Rocket.Chat

Load Custom User Data from LDAP: Load any LDAP attribute to a custom field on Rocket.Chat

Advanced Data Sync: Perform additional operations based on data from LDAP

Roles Mapping from Groups: You can map any LDAP group to a Rocket.Chat role

Auto-Subscribe to Channels: You can map any LDAP group to a Rocket.Chat channel

Auto-Unsubscribe from Channels: You can also remove users from Rocket.Chat channels on LDAP

Auto-Join Teams: You can map any LDAP group to a Rocket.Chat team

Auto-Leave Teams: You can also remove users from Rocket.Chat teams on LDAP

Basic User Data Sync

Load information from the LDAP user to Rocket.Chat

Load Basic User Data from LDAP: Email, name, and username.

Load Avatars: Load the user's avatar from an LDAP attribute

Background Sync

Periodic background sync

Incremental Sync: Give the option to use Incremental Sync (will be implemented in a future release)

Sync User Active State: Determine if users should be enabled or disabled on Rocket.Chat based on the LDAP status

Auto logout: Automatically log out a user on the next sync when they are removed from or disabled in the LDAP group

Encryptions

The encryption method used to secure communications to the LDAP server


SAML

Create role mapping from user groups by selecting any field you want to sync with Rocket.Chat.

Community Enterprise

Basic Synchronization: Keep user data in sync with the server on login (email, name, and username)

Customizable User Interface: Ability to customize button color and text

Roles mapping: Role mapping from user groups

Fields mapping: Select any field you want to sync with Rocket.Chat

Advanced: Advanced settings (e.g., login with username and password x win user)

{% content-ref url="../../use-rocket.chat/workspace-administration/settings/saml/" %} saml {% endcontent-ref %}

OAuth / Custom OAuth

Let your users log in via Facebook, Google, LinkedIn, GitHub, and others.

Community Enterprise

Basic Social logins / pre-defined OAuth options

Keep user data in sync with the server on login (Unique identifier and username)

Avatar import

Login methods: Apple, Dolphin, Drupal, Facebook, GitHub, GitHub Enterprise, GitLab, Google, LinkedIn, Meteor, Nextcloud, Tokenpass, Twitter, WordPress

Basic Custom OAuth:

Basic login settings

Login via Custom OAuth protocol using a unique identifier

Load Name, Username, and Email from OAuth

Import Avatar from OAuth

Advanced Custom OAuth:

Assign Rocket.Chat roles based on OAuth roles

Join channels automatically based on OAuth roles

{% content-ref url="../../rocket.chat-resources/frequently-asked-questions/ldap-faq.md" %} ldap-faq.md {% endcontent-ref %}