We use MS Active Directory / LDAP for authentication in RocketChat; users log in via the Windows application (v 2.17.9). Is there currently a way to implement the login in the application via single sign-on, so that the users no longer have to enter credentials?
I haven’t tried it but others have mentioned using KeyCloak. The simplest approach seems to be via direct integration with RocketChat, although some people have used the indirect way: KeyCloak integration with LDAP and LDAP integration with RocketChat.
Search this forum for relevant discussions/issues.
I’m not a KeyCloak administrator, so I can’t share the whole process, but I think it works like @toddy described here
LDAP is integrated in RocketChat on the LDAP page in the Admin UI.
Then you need to configure KeyCloak as Custom OAuth on the OAuth page in the Admin UI.
I believe in KeyCloak you should configure integration with the same domain as on the LDAP page.
And the last one: you need to add the KeyCloak and maybe RocketChat URLs to the Local Intranet security zone of Internet Explorer via group policies.
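
An added example, not part of any post in this thread: a PowerShell check, run on a client, that the group policy from the last step actually placed the two URLs in the Local Intranet zone. The hostnames are placeholders, and the host matching is a simplified assumption (optional scheme plus `*` wildcards), not Internet Explorer's full zone-resolution logic.

```powershell
# Hypothetical hostnames: replace with your own KeyCloak and RocketChat URLs.
$Urls = @('https://keycloak.example.internal', 'https://chat.example.internal')

# Registry keys written by the "Site to Zone Assignment List" policy
# (computer-level and user-level variants).
$PolicyKeys = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)
$ZoneNames = @{ '0' = 'Local Machine'; '1' = 'Local Intranet'; '2' = 'Trusted Sites'
                '3' = 'Internet';      '4' = 'Restricted Sites' }

# Return every site-to-zone pair the policy has written on this machine.
function Get-PolicyZoneEntries {
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Site = $name; Zone = [string]$item.GetValue($name) }
        }
    }
}

# For each URL, find the first policy entry that covers its host and report the zone.
function Test-IntranetZone {
    param([string[]]$Url)
    $entries = @(Get-PolicyZoneEntries)
    foreach ($u in $Url) {
        $uri = [uri]$u
        $match = $entries | Where-Object {
            $site = $_.Site; $scheme = $null
            # Entries may be "https://host", "host" or "*.domain".
            if ($site -match '^([a-z]+)://(.+)$') { $scheme = $Matches[1]; $site = $Matches[2] }
            ($uri.Host -like $site.TrimEnd('/')) -and (-not $scheme -or $scheme -eq $uri.Scheme)
        } | Select-Object -First 1
        [pscustomobject]@{
            Url         = $u
            PolicyEntry = if ($match) { $match.Site } else { '(none)' }
            Zone        = if ($match) { $ZoneNames[$match.Zone] } else { 'not assigned by policy' }
            IntranetOk  = [bool]($match -and $match.Zone -eq '1')
        }
    }
}

Test-IntranetZone -Url $Urls | Format-Table -AutoSize
```

A row with `IntranetOk` set to `False` means the policy has not reached that client or the entry does not cover that host; `gpresult /r` shows which GPOs were applied.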