Password management

If you use password expiry policies with Active Directory, your users can change their password directly from the intranet. This feature also works for Mac and remote users.

If your organization is not using Active Directory, or you want to add users who aren’t in your Active Directory, user names and passwords can also be managed within ThoughtFarmer.

Active Directory integration

Two-way Active Directory synchronization keeps groups, profile pictures, security profiles, and employee contact information up to date across systems. We also offer multiple active directory synchronization.

SAML-Powered identity provider

Increase password security and simplify user management. Our employee directory connector is installed behind your firewall, so it can provide deep active directory synchronization while making your intranet extra secure.


Single Sign-on

Dispense with usernames and passwords. If you run ThoughtFarmer on your internal network, Windows Integrated Authentication can be used for automatic logon.

Expanded Single Sign-on support

Save staff time and unburden your support team from forgotten or expired password requests using the cloud based authentication service you’re already using. ThoughtFarmer 8.5 now supports authentication with every major SAML provider—including: Azure AD, Google, Microsoft, OneLogin, OKTA, Ping Identity—as well as on-premise Active Directory via the Employee Directory Connector, our own SAML provider. Need a different SAML provider? Just ask—we probably support it.

Automatic user synchronization for Active Directory and OKTA

Automatically synchronize user account and group details with directories powered by Active Directory and OKTA. Simplify user provisioning and deprovisioning with on-demand and scheduled sync that includes all profile fields as well as group and security membership.