Identity and Access Management.
Identity and Access Management (IAM) integrations are crucial to professional environments as they centralise control, improve security and deliver a better experience for end users.
Authenticate using LDAP or Active Directory
You can connect Element Server Suite Pro (ESS Pro) with an LDAP directory or Active Directory (AD).
Single Sign-On (SSO)
ESS Pro also connects with OIDC-based external Identity Providers for central authentication, enhanced security and a great user experience due to Single Sign-On (SSO).
Depending on the capabilities of your Identity Provider product, this also allows you to employ more sophisticated authentication security measures like Multi-Factor Authentication (MFA), password security controls or adaptive/risk-based authentication policies.
Supported Identity Provider products include
… and basically all other products that support OpenID Connect
LDAP and SCIM integration
LDAP and SCIM integration is an extension in ESS Pro with the objective of integrating external user management and authentication systems as tightly as possible so that they are the authoritative source of truth where an organization manages all their users and respective information.
The integration supports LDAP and SCIM protocols for data exchange and provides the capabilities below.
User attribute sync
Automatically keep user profile information (display names, email addresses, etc.) in Element up-to-date with changes in the external user directory.
User lifecycle management
Automatically manage user lifecycles in ESS according to their respective states in the external user directory to maintain access control and to make sure that leavers are de-provisioned accordingly.
Group access control
Automatically enforce room memberships to safeguard your conversations and to prevent information leakage due to accidental room invites. LDAP and SCIM integration will enforce room memberships based on user attributes in an external user directory (i.e., group memberships). When a user accidentally invites someone who is not entitled to get access to a room, the invite will automatically be withdrawn, protecting sensitive information.
Automated space/room memberships and permissions
Automate space and room membership and permission management based on attributes in the external user directory. This allows you to mirror organizational structures and to make sure that the respective users are members of the rooms with the appropriate permissions.
You might, for instance, have a ‘Marketing’ space with the rooms of the Marketing team underneath it. LDAP and SCIM integration will automatically add all team members to that ‘Marketing’ space, giving them access to Marketing team resources and making sure they are equipped with the right permissions for these rooms.
Admin privilege sync
LDAP and SCIM integration allows organizations to set administrative access privileges based on user attributes in the central user directory. It will automatically synchronize these and equip the respective ESS users with the appropriate privileges.
Integrations
- Hookshot
- Integration Manager