Authentication overview
Pexip Infinity can be configured to connect to various external services in order to authenticate, authorize, and provision accounts that are allowed to connect to Pexip Infinity and its clients and services. It can also use local accounts and databases for authentication.
The table below shows which authentication services can be used for which Pexip features and services.
| Local database | LDAP | OpenID Connect | OAuth2 | SAML/OIDC via IdP | AD FS | |
|---|---|---|---|---|---|---|
| Pexip Infinity Administrator interface |
|
|
|
|||
| Pexip Infinity management API |
|
|
|
|||
| VMR / device bulk provisioning |
|
|||||
| Participant authentication to access VMRs |
|
|||||
| Pexip for Windows registration |
|
|||||
| Connect desktop app registration |
|
-
By default, Pexip Infinity has a single local administrator account for accessing the Pexip Infinity Administrator interface and the Pexip Infinity management API, authenticated with a username and password. For more information, see Managing local administrator authentication.
-
Pexip Infinity can be configured to connect to a Windows Active Directory LDAP server, or any other LDAP-accessible database, in order to authenticate and authorize the login accounts that are allowed to connect to the Pexip Infinity Administrator interface or the Pexip Infinity management API, and to bulk-provision individual Virtual Meeting Rooms or devices for every member of the directory. For more information, see Managing administrator access via LDAP and Provisioning VMRs, devices and users from Active Directory via LDAP.
-
Access to the Pexip Infinity Administrator interface can also be controlled via an OpenID Connect (OIDC) Identity Provider, allowing you to make use of the provider's single sign-on (SSO) and multi-factor authentication (MFA) capabilities. For more information see Managing administrator access via OIDC.
-
Access to the Pexip Infinity management API can also be controlled via OAuth2. This is an alternative to LDAP for environments that make frequent API requests, as it can significantly reduce the number of authentication requests sent to the LDAP server. For more information, see Managing API access via OAuth2.
-
Conference participants can be required to use single sign-on (SSO) to authenticate with a SAML 2.0 or OpenID Connect Identity Provider, in order to access conferences. For more information, see About participant authentication.
-
Pexip for Windows must authenticate with an Identity Provider in order to register with Pexip Infinity. For more information, see Authenticating registrations using Identity Providers.
-
Pexip Infinity can integrate with Active Directory Federation Services (AD FS) to provide the legacy Connect desktop app with single sign-on (SSO) access to allow users to register their clients using their AD credentials.
This method of authentication is being deprecated and is not supported by the new Pexip apps.
For more information, see Authenticating registrations using AD FS.