Integrations

Skald is designed to slot into the systems your organization already runs. This page is the index of every supported integration, what tier it requires, and where to find the setup guide.

Identity & access

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| OIDC (Okta, Entra ID, Google, Auth0, Keycloak, …) | Enterprise | Single sign-on via OpenID Connect | SKALD_OIDC_* env vars — see environment variables and SSO testing |
| SAML 2.0 | Enterprise | Single sign-on via SAML — DB-backed config, includes self-service portal link | SAML SSO setup |
| SCIM 2.0 | Enterprise | Automatic user / group provisioning from your IdP | SCIM provisioning |
| MFA (TOTP) | All tiers | RFC 6238 authenticator-app MFA enrolled per user | Built-in — Account → Security |
| Passwordless / magic-link | All tiers | Email magic links or 6-digit OTPs — off by default | Admin → Login Settings (requires SMTP + SKALD_PUBLIC_BASE_URL for magic links) |

Storage & media

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| MinIO / AWS S3 / S3-compatible | All tiers | Object storage for avatars, chat files, recordings, backups | SKALD_MINIO_* env vars |
| Server-side encryption (SSE-S3, SSE-KMS) | All tiers | At-rest encryption of stored files | Encryption at rest |
| ClamAV | Enterprise | Streams uploads through virus scanning before they land in storage | Virus scanning |
| LiveKit SFU | All tiers | Media routing for voice / video / screen sharing | Bundled in Helm chart; external livekit.externalIp / livekit.publicUrl |

Push, email & mobile

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| Expo push | All tiers | iOS, Android, and web push notifications | Default push backend; override with SKALD_EXPO_PUSH_URL |
| Apple PushKit (VOIP) | All tiers | Native CallKit lock-screen ring on iOS | skald.apns.* properties (Team ID, Key ID, .p8 PEM, bundle ID) |
| Firebase Cloud Messaging | All tiers | High-priority Android data push for native incoming-call UI | skald.fcm.enabled=true and service-account JSON path |
| SMTP | All tiers | Outbound email (support forwarding, verification, digests, password reset, magic links) | SKALD_SMTP_* env vars or smtp.* Helm values |
| Expo OTA updates | All tiers | Push mobile JS bundle updates without app-store re-submission | Mobile OTA |

Webhooks

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| Outbound webhooks | Enterprise | HMAC-signed POSTs to your systems on user / room / file / moderation events. Automatic retries with exponential back-off, delivery log, test endpoint. | Webhooks integrator guide |
| Inbound webhooks | All tiers | Per-room tokenized endpoints that turn an HTTP POST into a chat message (Slack-style). Markdown or HTML, DLP-scanned, rate-limited per token. | Webhooks integrator guide → Inbound section |

Observability

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| Prometheus | All tiers | Skald exposes a /actuator/prometheus endpoint; Helm bundle includes Prometheus | Bundled |
| Grafana | All tiers | Pre-configured dashboards for messaging, calls, push, webhooks, JVM | Bundled |
| Loki | All tiers | Structured JSON logs shipped to Loki | Log aggregation (--set loki.enabled=true) |
| Jaeger | All tiers | Distributed traces (OTLP) for the API | Bundled |
| ELK / Splunk / Datadog | All tiers | Same JSON log stream is ingestible by any aggregator | Log aggregation |
| Grafana MCP for AI | All tiers | Read access to Loki / Prometheus / dashboards from Claude Code or other MCP clients | AI observability |

Data import

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| Slack export | All tiers | Imports a Slack workspace ZIP — users, channels, messages, reactions, threads | Slack import operator guide |

AI

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| AWS Bedrock | Enterprise | Backs the AI content-moderation classifier and (optionally) chat summaries | Bedrock setup |

Extensibility

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| Plugin SDK | All tiers | Drop a Spring @Component implementing SkaldPlugin into the API to add events, REST endpoints, STOMP topics, per-plugin Flyway migrations, client extension points | Plugin author guide |
| Bot tokens | All tiers | Long-lived API tokens for automated agents (separate from user JWTs, separate revocation, separate audit) | Admin → Bots |
| Slash commands | All tiers | Custom server-side slash commands triggered from the chat composer | Admin → Slash commands |

Backups & disaster recovery

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| Postgres backups | All tiers | Automated pg_dump archives uploaded to S3/MinIO | Backup & restore |
| MinIO backups | All tiers | Bucket-level mirroring for chat files / recordings / avatars | Backup & restore |
| CloudNativePG | All tiers | Run Postgres as a CNPG cluster instead of the bundled StatefulSet | External database |

Network & transport

| Integration | Tier | What it does | Setup |
|---|---|---|---|
| Reverse proxies (nginx, Caddy, Traefik) | All tiers | TLS termination + WebSocket upgrade for /api, /ws, LiveKit signaling | Reverse proxy & TLS |
| TURN over 443 | All tiers | NAT traversal for clients on restrictive networks | LiveKit TURN on 443 |

Where this list lives

This page is the single source of truth for "does Skald work with X?" — if an integration is missing here, it isn't shipped. Anything labeled "All tiers" works in the open-source Community build.