MS Active Directory SSO (Windows 10)

Description

We use MS Active Directory / LDAP for authentication in RocketChat; users log in via the Windows application (v 2.17.9). Is there currently a way to implement the login in the application via single sign-on, so that the users no longer have to enter credentials?

Andreas

Server Setup Information

  • Version of Rocket.Chat Server: 3.3.0
  • Operating System: Windows 10
  • NodeJS Version: 12.14.0
  • MongoDB Version: 4.0.10
  • Firewalls involved: no
1 Like

I haven’t tried it, but others have mentioned using KeyCloak. The simplest approach seems to be via direct integration with RocketChat, although some people have used the indirect way: KeyCloak integration with LDAP and LDAP integration with RocketChat.

Search this forum for relevant discussions/issues.

Yep, @toddy is right!
We did SSO on Windows in an Active Directory domain using KeyCloak.
All works fine.

Hi @anton.karlan

Can you share how I can do this?

Is there a tutorial available?

Thank you!

I’m not a KeyCloak administrator, so I can’t share the whole process, but I think it’s working like @toddy described here:

LDAP is integrated in RocketChat on the LDAP page in the Admin UI.
Then you need to configure KeyCloak as Custom OAuth on the OAuth page in the Admin UI.
I believe in KeyCloak you should configure integration with the same domain as on the LDAP page.
And the last one - you need to add the KeyCloak and maybe RocketChat URLs to the Local Intranet security zone of Internet Explorer by group policies.

1 Like
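
The last step in the post above, putting the KeyCloak and RocketChat URLs into the Local Intranet zone by group policy, can be verified on a client. This is an added example, not part of the thread: the two site URLs are placeholders, the registry keys are the ones the "Site to Zone Assignment List" policy writes to, and the pattern matching is a simplification of the zone rules.

```powershell
# Added example, not from the thread. Site URLs are placeholders for your own hosts.
$RequiredSites = @('https://keycloak.example.internal', 'https://chat.example.internal')

# Keys written by the "Site to Zone Assignment List" policy (machine and user scope).
# Value name = site pattern, value data = zone number ("1" = Local Intranet).
$PolicyKeys = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)

function Get-ZoneAssignment {
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # policy not set in this scope
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Pattern = $name; Zone = [string]$item.GetValue($name); Source = $key }
        }
    }
}

function Test-SiteMatch([string]$Site, [string]$Pattern) {
    # Simplified: a pattern with a scheme must match scheme and host;
    # a pattern without one is compared against the host only.
    $uri = [uri]$Site
    if ($Pattern -match '^(?<scheme>[a-z]+)://(?<name>[^/]+)') {
        return ($uri.Scheme -eq $Matches['scheme']) -and ($uri.Host -like $Matches['name'])
    }
    return $uri.Host -like $Pattern
}

$intranet = @(Get-ZoneAssignment | Where-Object { $_.Zone -eq '1' })

foreach ($site in $RequiredSites) {
    $hits = @($intranet | Where-Object { Test-SiteMatch $site $_.Pattern })
    if ($hits.Count -eq 0) {
        Write-Output "MISSING  $site has no Local Intranet policy entry"
    }
    foreach ($hit in $hits) {
        Write-Output "OK       $site matched '$($hit.Pattern)' in $($hit.Source)"
    }
}

# By default, sites in the Local Intranet zone receive automatic logon with the
# user's Windows credentials, so list wildcard entries for review.
$intranet | Where-Object { $_.Pattern.Contains('*') } | ForEach-Object {
    Write-Output "REVIEW   wildcard entry '$($_.Pattern)' in $($_.Source)"
}
```

Run it in the session of the user whose single sign-on is being checked, so that the HKCU policy key read is that user's.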