WebsiteCommunityDeveloperFree Trial
Search…
Rocket.Chat Documentation
Getting Support
Development Docs
Quick Start
Deploying Rocket.Chat
Scaling Rocket.Chat
Accessing Your Workspace
Installing Client Apps
Upgrading Rocket.Chat
Environment Configuration
Guides
User Guides
Administration
Basic White-labeling
Identity Management (EE vs CE)
Admin Panel
Go Fully Featured
Info
Import
Users
Rooms (aka Channels)
Invites
Connectivity Services
View Logs
Custom sounds
Federation Dashboard
Apps
Email Inboxes
Custom Emoji
Integrations
OAuth Applications
Mailer
Custom User Status
Permissions
Settings
Accounts
Analytics
Assets
Atlassian Crowd
Blockstack
Bots
Call Center
CAS
Custom Emoji Filesystem
Custom Sound Filesystem
Discussion
E2E Encryption
Email
Enterprise
Federation
File Upload
General
IRC
IRC Federation
Layout
LDAP
Livestream & Broadcasting (Youtube)
Logs
Message
Meta
Mobile
OAuth
Omnichannel Admin's Guide
OTR
Push (Notifications Admin Guide)
Rate Limiter
Retention Policy
SAML
Rocket.Chat server settings
Simple SAML php
Active Directory Federation Services
Oracle Identity Cloud Service
Keycloak
Search
Setup Wizard
SlackBridge
Smarsh
SMS
Threads
Troubleshoot
User Data Download
Video Conference Admin Guide
Webdav Integration
WebRTC
Engagement Dashboard
Advanced Admin Settings
Omnichannel
Message Auditing Panel
Message Auditing Log
Rocket.Chat Call Center
App Guides
Mobile Guides
Roles in Rocket.Chat
Security and Compliance Guides
Brand and Visual Guidelines
Enterprise Edition Trial
Rocket.Chat SaaS
Cloud Account
Resources
Frequently Asked Questions
Contributors
How can I help?
Contributor Code of Conduct
Google Summer of Code
Google Season of Docs
Github Sponsorship
Legal
Terms of Service
Master Services Agreement for Self Managed Workspaces
Master Service Agreement for Professional Services
Privacy Policy
Privacy Policy Facebook Messenger
Code of Conduct for our services
GDPR
Censorship and Harmful Content
Guidelines for Law Enforcement
Server Lookup
DMCA Policy
Powered By GitBook
Active Directory Federation Services
Authenticating Rocket.Chat and Microsoft ADFS via SAML
It is possible to set up the authentication between Rocket.Chat and Active Directory Federation Services by setting up SAML authentication scenario.
Microsoft ADFS provides an IdP service that can be consumed by Rocket.Chat for authentication. Important: If you are using Active Directory without Federation Services, you should perform the user synchronization via LDAP only.
This document takes into consideration that your ADFS environment is deployed and running. For further info, please refer to this guide.
The Rocket.Chat configuration should be done as follows:
  1. 1.
    Go to Administration -> SAML and configure the entry points and the IdP path.
  1. 1.
    Add the private key certificate related to the ADFS server.
Important: ADFS uses .pfx certificate extensions (widely used on Windows landscapes) and Rocket.Chat uses .pem files. So, before setting the certificate here, it must be converted.
  1. 1.
    Set the Custom Authn Context and User Data Field Map according to the scenario you have on your Active Directory Federation Services
Important: The Custom Authorization context fields must match the authentication methods selected on ADFS. Microsoft Federation Services provides two authentication methods: Forms authentication and Windows Authentication.
  • Forms authentication: If this option is selected as 'primary', a login form provided by ADFS will be called by the SAML assertion to perform the login operation. For this method, the recommended "Custom Authn Context" in Rocket.Chat should be urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  • Windows authentication: if this option is selected as 'primary', ADFS will expect the login assertions on the Windows Domain level. To set a full SSO scenario between Rocket.Chat and ADFS, the recommended "Custom Authn Context" should be _urn:federation:authentication:windows_
Previous
Simple SAML php
Next
Oracle Identity Cloud Service
Last modified 24d ago
Export as PDF
Copy link