Authentication overview

Pexip Infinity can be configured to connect to various external services in order to authenticate, authorize, and provision accounts that are allowed to connect to Pexip Infinity and its clients and services. It can also use local accounts and databases for authentication.

The table below shows which authentication services can be used for which accounts.

  Local database LDAP OpenID Connect OAuth2 SAML 2.0 AD FS
Pexip Infinity Administrator interface      
Pexip Infinity management API      
VMR bulk provisioning          
Participant authentication to access VMRs        
Connect app registration          
Third-party application registration      
  • By default, Pexip Infinity only has a single local administrator account for accessing the Pexip Infinity Administrator interface and the Pexip Infinity management API. For more information, see Managing local administrator authentication.

  • Pexip Infinity can be configured to connect to a Windows Active Directory LDAP server, or any other LDAP-accessible database, in order to authenticate and authorize the login accounts that are allowed to connect to the Pexip Infinity Administrator interface or the Pexip Infinity management API, and to bulk-provision individual Virtual Meeting Rooms or devices for every member of the directory. For more information, see Managing administrator access via LDAP and Provisioning VMRs, devices and users from Active Directory via LDAP.

  • Access to the Pexip Infinity Administrator interface can also be controlled via an OpenID Connect (OIDC) Identity Provider, allowing you to make use of the provider's single sign-on (SSO) and multi-factor authentication (MFA) capabilities. For more information see Managing administrator access via OIDC.

  • Access to the Pexip Infinity management API can also be controlled via OAuth2. This is an alternative to LDAP for environments that make frequent API requests, as it can significantly reduce the number of authentication requests sent to the LDAP server. For more information, see Managing API access via OAuth2.

  • Conference participants can be required to use single sign-on (SSO) to authenticate with a SAML 2.0 or OpenID Connect Identity Provider, in order to access conferences. For more information, see About participant authentication.

  • Pexip Infinity can integrate with Active Directory Federation Services (AD FS) to provide Connect apps and other third-party applications with single sign-on (SSO) access. This allows users to register their clients using their AD credentials. For more information, see Authenticating registrations using AD FS.

  • Third-party applications can also be required to authenticate with an Identity Provider in order to register with Pexip Infinity. For more information, see Enable registration using SAML/OIDC SSO.

    Future releases of the Connect desktop app for Windows will also support this option.