Identity and Access Management.

Secure, centralised authentication and access control.

Was ist Identitäts- und Zugriffsmanagement?

Diese Funktion ermöglicht es einer Organisation, ihr vorhandenes Benutzerverzeichnis und/oder ihren Single Sign-On (SSO) -Authentifizierungsanbieter anstelle des Standardauthentifizierungssystems von Element zu verwenden. Element kann in Benutzerverzeichnisse wie Active Directory und SSO-Lösungen wie SAML 2.0, OIDC und CAS integriert werden. Alle diese Anbieter benötigen unterschiedliche Konfigurationen, aber wir unterstützen sie heute alle.

Whether you’re managing thousands of internal users or enabling secure access for distributed teams, IAM helps reduce administrative burden, improve security and deliver a smooth user experience across your deployment.

Integrate with LDAP or Active Directory

Connect ESS Pro with LDAP or Active Directory (AD) to leverage your organisation’s existing credentials. Users can log in with familiar accounts, while administrators maintain centralised control over access, user provisioning and group-based permissions. This also supports compliance and simplifies identity management at scale.

Connect to your identity provider

ESS Pro also integrates with external Identity Providers using OpenID Connect (OIDC). This enables centralised authentication, seamless Single Sign-On (SSO), and secure login experiences for your users.

Depending on the provider, advanced security measures like Multi-Factor Authentication (MFA), password policies, or adaptive/risk-based authentication can be enforced. This helps organisations maintain stronger control and meet compliance assurance.

Supported Identity providers include:

Keycloak
Microsoft EntraID (formerly Azure AD)
Univention Nubus
Okta
Auth0
Ping Identity
ForgeRock

…and virtually any other provider that supports OIDC

Centralised user management with LDAP & SCIM

LDAP and SCIM integration is an ESS Pro extension that connects external user management and authentication systems, making them the source of truth for all user accounts and related information.

The integration supports LDAP and SCIM protocols for data exchange and allows a wide range of identity management capabilities.

Group access control

Enforce room memberships based on user attributes or group memberships. Accidental invites to unauthorised users are automatically withdrawn to protect sensitive information.

User attribute sync

Keep user profile information (display names, emails, etc.) up to date automatically with changes from your directory.

User lifecycle management

Manage user lifecycles in ESS Pro based on their status in the external directory. New users are provisioned correctly, and departing users are de‑provisioned to maintain proper access control.

Automated memberships and permissions

Mirror organisational structures in ESS Pro by automatically assigning users to Spaces and rooms with the correct permissions. For example, all members of the IT Department can be automatically added to the “IT” space with appropriate access rights.

Admin privilege sync

Set administrative privileges based on user attributes in your central directory. ESS Pro automatically synchronises these privileges, ensuring the right users have the correct administrative access.

Stop accidental invites with enterprise-grade control

Watch Element Server Suite in action with Microsoft Active Directory integrated, preventing unauthorised users from joining chat rooms and protecting sensitive information. Signalgate is used as a case study to demonstrate how IAM maintains secure, compliant collaboration across the organisation.