Skip to main content
Open WebUI provides enterprise-grade features designed for large-scale, production deployments with advanced security, scalability, and compliance requirements.

Enterprise Features

Authentication & Identity Management

  • LDAP/Active Directory Integration - Connect to your existing directory services for centralized user authentication
  • SCIM 2.0 Provisioning - Automated user and group lifecycle management from identity providers like Okta, Azure AD, and Google Workspace
  • Single Sign-On (SSO) - OAuth 2.0/OIDC support for enterprise identity providers
  • Trusted Header Authentication - Integration with reverse proxy authentication systems

Access Control & Security

  • Role-Based Access Control (RBAC) - Granular permissions for users, groups, and resources
  • Group Management - Organize users into groups with shared permissions and resources
  • API Key Management - Secure programmatic access with scoped API keys
  • Session Management - Redis-backed distributed sessions for multi-node deployments

Scalability & Performance

  • Horizontal Scaling - Redis-backed WebSocket and session support for load-balanced deployments
  • Database Options - PostgreSQL support for enterprise-grade data storage
  • Cloud Storage - S3, Google Cloud Storage, and Azure Blob Storage backends
  • Vector Database Options - 9 vector database choices including PGVector, Qdrant, Milvus, and Elasticsearch

Observability & Monitoring

  • OpenTelemetry Integration - Full observability stack with traces, metrics, and logs
  • Production Monitoring - Integrate with your existing observability platform (Datadog, New Relic, Grafana, etc.)
  • Distributed Tracing - Track requests across multiple services and workers
  • Custom Metrics - Monitor application-specific metrics and performance

Enterprise Support

For Enterprise plans with custom theming, SLA support, and Long-Term Support (LTS) versions, contact our sales team.

Deployment Architecture

Enterprise deployments typically include:
  • Load Balancer - Distribute traffic across multiple Open WebUI instances
  • Redis Cluster - Centralized session and WebSocket state management
  • PostgreSQL Database - Primary data store with replication
  • Vector Database - Scalable RAG document storage (PGVector, Qdrant, etc.)
  • Object Storage - S3-compatible storage for files and artifacts
  • Identity Provider - LDAP/AD, SCIM, or OAuth SSO
  • Observability Stack - OpenTelemetry collector, metrics, and log aggregation

Getting Started

To enable enterprise features, configure the relevant environment variables:
  1. LDAP/Active Directory - See LDAP Integration
  2. SCIM Provisioning - See SCIM 2.0 Provisioning
  3. Access Control - See Role-Based Access Control
  4. Observability - See OpenTelemetry Monitoring
  5. Horizontal Scaling - See Redis Scalability

Configuration Management

Open WebUI supports both environment variable and database-backed configuration:
  • Environment Variables - Traditional deployment configuration
  • Persistent Configuration - Database-backed settings that can be updated at runtime
  • Redis Synchronization - Configuration updates propagated across all instances
Set ENABLE_PERSISTENT_CONFIG=true to enable runtime configuration updates across your deployment.

Security Best Practices

For production deployments:
  • Use strong WEBUI_SECRET_KEY for session encryption
  • Enable TLS/SSL for all connections (HTTPS, Redis TLS, database SSL)
  • Configure CORS_ALLOW_ORIGIN to specific domains (never use * in production)
  • Use separate credentials for LDAP/SCIM service accounts
  • Enable audit logging and monitoring
  • Regularly update to latest LTS versions

Next Steps

LDAP/AD Integration

Connect to Active Directory or LDAP servers

SCIM Provisioning

Automate user lifecycle with SCIM 2.0

RBAC

Configure role-based access control

Observability

Monitor with OpenTelemetry