Identity Management (EE vs CE)
Identity management plays a crucial role in ensuring secure and efficient user access to digital resources. Rocket.Chat, , offers robust identity management features in both its Enterprise Edition (EE) and Community Edition (CE). This document will provide a comprehensive overview of the identity management features in Rocket.Chat's EE and CE, highlighting the differences and capabilities of each. With Rocket.Chat, you can connect to your Active Directory application or Identity Management System through Lightweight Directory Access Protocol (LDAP), Open Authorization (OAuth), and Security Assertion Markup Language (SAML).
In your workspace, leverage advanced settings such as background sync, roles mapping from groups, auto-logout, and advanced user data sync with LDAP. Here are some differences between the community and enterprise editions when using LDAP.
Community | Enterprise |
|---|---|
Login Login Fallback: This option allows regular password users to log in on Rocket.Chat. It will let LDAP users continue using Rocket.Chat if the LDAP server is down. Merge with existing Rocket.Chat users: Detect if the LDAP user is already registered on Rocket.Chat and use the same user for both authentication types. Filter what LDAP users can log in: There are two settings to manage this: Search Filter and Group Filter. | Advanced User Data Sync Load information from the LDAP user to Rocket.Chat Load Custom User Data from LDAP: Load any LDAP attribute to a custom field on Rocket.Chat Advanced-Data Sync: Perform additional operations based on data from LDAP Roles Mapping from Groups: You can map any LDAP group to a Rocket.Chat role Auto-Subscribe to Channels: You can map any LDAP group to a Rocket.Chat channel Auto-Unsubscribe from Channels: You can also remove users from Rocket.Chat channels on LDAP Auto-Join Teams: You can map any LDAP group to a Rocket.Chat team Auto-Leave Teams: You can also remove users from Rocket.Chat teams on LDAP |
Basic User Data Sync Load information from the LDAP user to Rocket.Chat Load Basic User Data from LDAP: Email, name, and username. Load Avatars: Load the user's avatar from an LDAP attribute | Background Sync Periodic background sync Incremental Sync: Give the option to use Incremental Sync (will be implemented in a future release) Sync User Active State: Determine if users should be enabled or disabled on Rocket.Chat based on the LDAP status Auto logout: Auto logout user on the next sync when it's removed/disabled on the LDAP group |
Encryptions The encryption method used to secure communications to the LDAP server | |
Create role mapping from user groups by selecting any field you want to sync with Rocket.Chat.
Community | Enterprise |
|---|---|
Basic Synchronization: Keep user data in sync with the server on login (email, name, and username). Customizable User Interface: Ability to customize button color and text. | Roles mapping: Role mapping from user groups. Fields mapping: Select any field you want to sync with Rocket.Chat. Advanced: Advanced settings (eg. login with username and password x win user). |
Let your users log in via Facebook, Google, LinkedIn, GitHub, and other third-party applications.
Community | Enterprise |
|---|---|
Basic Social logins / pre-defined OAuth options Keep user data in sync with the server on login (Unique identifier and username). Avatar import Login methods: Apple, Dolphin, Drupal, Facebook, GitHub, GitHub Enterprise, GitLab, Google, Linkedin, Meteor, Nextcloud, Tokenpass, Twitter, WordPress. Basic Custom OAuth: Basic login settings Login via Custom OAuth protocol using a unique identifier Load Name, Username, and Email from OAuth Import Avatar from OAuth | Advanced Custom OAuth: Assign Rocket.Chat roles based on OAuth roles Join channels automatically based on OAuth roles. |
Last modified 2mo ago