Identity Overview
WebStream ACP authenticates users through a mode chosen per organization. For evaluation, built-in accounts are fastest; for production, integrate with your existing identity provider so lifecycle and multi-factor policies stay where they belong.
Authentication modes
| Mode | Summary | Guide |
|---|---|---|
| Built-in | WebStream manages local accounts and passwords. | Built-in Authentication |
| OIDC | Single sign-on with an OpenID Connect provider and claim mapping. | OIDC Single Sign-On |
| LDAP | Authenticate against a directory such as Active Directory. | LDAP |
| Provider recipes | Azure AD/Entra, Okta, and Google Workspace specifics. | Azure AD, Okta, Google |
Where the mode is set
The authentication mode is configured per organization, so different tenants can use different providers within one deployment. See Authentication Modes.
Identities, users, and groups
However users authenticate, access is still granted through WebStream groups and entitlements. With OIDC and LDAP, you can map provider claims or directory groups to WebStream groups so access follows your directory.