Rocket.Chat supports multiple authentication methods to help you manage user access securely and efficiently. This section provides an overview of the available options.
Basic authentication
Users can sign up with an email and password, which is the default authentication method in Rocket.Chat. For additional security, you can enable two-factor authentication (2FA).
Advanced authentication protocols
The following options let you integrate with external identity providers and manage user access through single sign-on (SSO) or federated authentication:
Lightweight Directory Access Protocol (LDAP): Stores user information and access levels, acting as a digital directory. Rocket.Chat supports LDAP configuration, user search, and data synchronization.
Security Assertion Markup Language (SAML): An open standard that enables SSO across multiple web applications using a single set of credentials. Rocket.Chat supports interface configuration, behavior settings, and data mapping for SAML.
Open Authorization (OAuth): An open protocol that uses tokens to grant access to third-party services without exposing user credentials. Rocket.Chat supports providers such as Google, Apple, GitHub, and custom OAuth setups.
OpenID Connect: An identity layer built on OAuth 2.0 that enables SSO for web applications. Rocket.Chat is compatible with providers like Keycloak and Okta Identity Cloud Service.
External authentication: Allows direct sign-in from a website or third-party application using iframe-based integration.
Central Authentication Service (CAS): An open SSO protocol for user authentication and authorization.
Rocket.Chat’s authentication framework is flexible and provides robust access control to meet diverse business needs. You can enable one or more authentication methods to fit your organization’s security requirements.