Identity Management (EE vs CE)

Identity management plays a crucial role in ensuring secure and efficient user access to digital resources. Rocket.Chat offers identity management features in both its Enterprise Edition (EE) and Community Edition (CE). This document gives an overview of those features in each edition and highlights where the two differ. With Rocket.Chat, you can connect to your Active Directory or another identity management system through Lightweight Directory Access Protocol (LDAP), Open Authorization (OAuth), and Security Assertion Markup Language (SAML).

LDAP / AD

In your workspace, you can use advanced settings such as background sync, role mapping from groups, auto logout, and advanced user data sync with LDAP. The following table lists the differences between the Community and Enterprise editions when using LDAP.

Community
Enterprise

Login

Login Fallback: Lets users who also have a Rocket.Chat password log in with it when the LDAP server cannot be reached, so LDAP users can keep working while the server is down. Because this keeps a second, local credential valid, pair it with Sync User Active State so that an account disabled in LDAP is also disabled in Rocket.Chat.

Merge with existing Rocket.Chat users: Detect whether an LDAP user already has a Rocket.Chat account and use that same account for both authentication methods.

Filter which LDAP users can log in: Two settings control this: the Search Filter and the Group Filter.

Advanced User Data Sync

Load information from the LDAP user into Rocket.Chat.

Load Custom User Data from LDAP: Load any LDAP attribute into a custom field on Rocket.Chat.

Advanced Data Sync: Perform additional operations based on data from LDAP.

Roles Mapping from Groups: Map any LDAP group to a Rocket.Chat role; members of the group receive the role.

Auto-Subscribe to Channels: Map any LDAP group to a Rocket.Chat channel; members of the group are added to the channel.

Auto-Unsubscribe from Channels: Remove users from a mapped Rocket.Chat channel once they are no longer in the corresponding LDAP group.

Auto-Join Teams: Map any LDAP group to a Rocket.Chat team; members of the group are added to the team.

Auto-Leave Teams: Remove users from a mapped Rocket.Chat team once they are no longer in the corresponding LDAP group.

Basic User Data Sync

Load information from the LDAP user into Rocket.Chat.

Load Basic User Data from LDAP: Email, name, and username.

Load Avatars: Load the user's avatar from an LDAP attribute.

Background Sync

Periodic background sync of user data with LDAP, independent of user logins.

Incremental Sync: Option to use incremental sync (to be implemented in a future release).

Sync User Active State: Enable or disable users in Rocket.Chat based on their status in LDAP.

Auto Logout: Log the user out on the next sync when they have been removed from the LDAP group or disabled in LDAP.

Encryption

The encryption method used to secure the connection to the LDAP server. Without StartTLS or LDAPS, the bind credentials and every synced attribute cross the network in clear text, so use one of them outside a lab.

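As an added example (not code from the Rocket.Chat project or its documentation), the script below simulates one background-sync pass and a few login attempts against a constructed directory, so the effect of the options above can be traced: the group filter, role mapping from groups, channel auto-subscribe and auto-unsubscribe, active-state sync, auto logout, and login fallback. The setting names, DNs, users, and passwords are all invented for the illustration; the only directory-specific assumption is the Active Directory userAccountControl disabled bit (0x2). The same group-to-role mapping idea is what the role-mapping rows in the SAML and Custom OAuth sections further down refer to.

```javascript
// Added example, not Rocket.Chat's own code. It simulates, against a constructed
// directory, what the LDAP options on this page do: the group filter, role mapping
// from groups, channel auto-subscribe/unsubscribe, active-state sync, auto logout,
// and login fallback. Setting names are illustrative labels, not Rocket.Chat ids.

const ACCOUNTDISABLE = 0x2; // userAccountControl bit for a disabled account (assumes AD-style entries)
const peopleDN = (uid) => `uid=${uid},ou=people,dc=example,dc=com`;
const groupDN = (cn) => `cn=${cn},ou=groups,dc=example,dc=com`;

// Constructed LDAP content: users with their userAccountControl, groups with member DNs,
// and the passwords a bind would check (plaintext only because this is a simulation).
const ldapUsers = [
  { uid: 'alice', userAccountControl: 512 },
  { uid: 'bob', userAccountControl: 512 | ACCOUNTDISABLE }, // disabled in the directory
  { uid: 'carol', userAccountControl: 512 },
  { uid: 'dave', userAccountControl: 512 },
].map((u) => ({ ...u, dn: peopleDN(u.uid) }));
const ldapGroups = {
  [groupDN('rc-users')]: ['alice', 'bob', 'carol'].map(peopleDN), // dave is not allowed in
  [groupDN('rc-admins')]: ['alice'].map(peopleDN),
  [groupDN('security')]: ['bob', 'carol'].map(peopleDN),
  [groupDN('old-project')]: [], // everyone has been removed from this group
};
const ldapPasswords = { alice: 'alice-pw', bob: 'bob-pw', carol: 'carol-pw', dave: 'dave-pw' };

// Illustrative settings mirroring the options in the table above.
const settings = {
  groupFilter: groupDN('rc-users'),                      // filter which LDAP users can log in
  rolesMap: { admin: groupDN('rc-admins') },            // roles mapping from groups
  channelsMap: { 'sec-team': groupDN('security'), 'old-project': groupDN('old-project') },
  autoUnsubscribe: true,                                 // auto-unsubscribe from channels
  syncActiveState: true,                                 // sync user active state
  autoLogout: true,                                      // auto logout on next sync
  loginFallback: true,                                   // login fallback
};

// Constructed workspace state before the sync pass. bob still holds admin, sits in two
// mapped channels, has open sessions and a local Rocket.Chat password.
const workspace = {
  alice: { roles: ['user'], channels: [], active: true, sessions: 1, localPassword: null },
  bob: { roles: ['user', 'admin'], channels: ['sec-team', 'old-project'], active: true, sessions: 2, localPassword: 'hunter2' },
  carol: { roles: ['user'], channels: [], active: true, sessions: 0, localPassword: null },
};

const memberOf = (group, userDN) => (ldapGroups[group] || []).includes(userDN);
const disabledInLdap = (u) => (u.userAccountControl & ACCOUNTDISABLE) !== 0;

// One sync pass for one LDAP user: returns the changes the sync would apply.
function syncUser(ldapUser, current, cfg) {
  const allowed = memberOf(cfg.groupFilter, ldapUser.dn);
  // Mapped roles are recomputed from group membership; roles outside the map are kept.
  const managed = Object.keys(cfg.rolesMap);
  const roles = (current ? current.roles : ['user']).filter((r) => !managed.includes(r));
  for (const [role, group] of Object.entries(cfg.rolesMap)) if (memberOf(group, ldapUser.dn)) roles.push(role);
  const joinChannels = [];
  const leaveChannels = [];
  for (const [channel, group] of Object.entries(cfg.channelsMap)) {
    const inChannel = current ? current.channels.includes(channel) : false;
    const inGroup = memberOf(group, ldapUser.dn);
    if (inGroup && !inChannel) joinChannels.push(channel);
    if (!inGroup && inChannel && cfg.autoUnsubscribe) leaveChannels.push(channel);
  }
  const active = cfg.syncActiveState ? !disabledInLdap(ldapUser) : current ? current.active : true;
  // Auto logout hits users that were disabled in LDAP or dropped out of the access group.
  const logout = cfg.autoLogout && !!current && current.sessions > 0 && (disabledInLdap(ldapUser) || !allowed);
  return { allowed, roles, joinChannels, leaveChannels, active, logout };
}

function runSync() {
  const plan = {};
  for (const u of ldapUsers) plan[u.uid] = syncUser(u, workspace[u.uid], settings);
  return plan;
}

// Login: bind against LDAP when reachable; the local password is used only as a fallback.
function login(uid, password, ldapReachable, cfg) {
  const ldapUser = ldapUsers.find((u) => u.uid === uid);
  if (ldapReachable) {
    if (!ldapUser) return { ok: false, reason: 'unknown user' };
    if (!memberOf(cfg.groupFilter, ldapUser.dn)) return { ok: false, reason: 'group filter' };
    if (disabledInLdap(ldapUser)) return { ok: false, reason: 'disabled in LDAP' };
    return password === ldapPasswords[uid] ? { ok: true, via: 'ldap' } : { ok: false, reason: 'bad password' };
  }
  // LDAP down: only users with a local password get in, and only while their local account is
  // active. Until a sync has disabled bob locally, fallback still accepts his local password
  // even though LDAP has disabled him; that is why fallback belongs with active-state sync.
  const local = workspace[uid];
  if (!cfg.loginFallback || !local || !local.localPassword) return { ok: false, reason: 'ldap unreachable' };
  return local.active && password === local.localPassword ? { ok: true, via: 'fallback' } : { ok: false, reason: 'fallback rejected' };
}

console.log(JSON.stringify(runSync(), null, 2));
console.log(login('bob', 'hunter2', true, settings), login('bob', 'hunter2', false, settings));
```

Run it with node. The sync plan shows bob losing the admin role, leaving old-project, being deactivated and logged out, and carol being added to sec-team, while dave fails the group filter. The two login calls show the fallback caveat: with LDAP reachable bob is rejected as disabled, but with LDAP down his local password is still accepted until a sync pass has deactivated him locally.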

SAML

Map SAML user groups to Rocket.Chat roles and select which assertion fields you want to sync with Rocket.Chat. The following table lists the differences between the Community and Enterprise editions when using SAML.

Community
Enterprise

Basic Synchronization: Keep user data in sync with the server on login (email, name, and username).

Customizable User Interface: Ability to customize button color and text.

Roles mapping: Map SAML user groups to Rocket.Chat roles.

Fields mapping: Select any SAML attribute you want to sync with Rocket.Chat.

Advanced: Advanced settings (e.g. login with username and password x win user).


OAuth / Custom OAuth

Let your users log in via Facebook, Google, LinkedIn, GitHub, and other third-party applications. The following table lists the differences between the Community and Enterprise editions when using OAuth.

Community
Enterprise

Basic Social Logins / pre-defined OAuth options:

Keep user data in sync with the provider on login (unique identifier and username).

Avatar import

Login methods: Apple, Dolphin, Drupal, Facebook, GitHub, GitHub Enterprise, GitLab, Google, LinkedIn, Meteor, Nextcloud, Tokenpass, Twitter, WordPress.

Basic Custom OAuth:

Basic login settings

Log in via the Custom OAuth protocol using a unique identifier.

Load name, username, and email from OAuth.

Import the user's avatar from OAuth.

Advanced Custom OAuth:

Assign Rocket.Chat roles based on the roles returned by the OAuth provider.

Join channels automatically based on the roles returned by the OAuth provider.
