Matrix for company use – should we disable federation?
Users frequently ask how to set up a non-federating Matrix server for a company. This is usually due to not understanding how federation works. This post explains this a bit.
First, federating does not mean everyone can access your rooms from outside. Federation works on room level. If you have zero rooms with users from other servers, no data leaves your server. You can use room options to choose which rooms to share outside your organization and to whom.
Let's take a generic company as an example.
Company internal rooms
Create new room: Private, enable E2EE, select “Block anyone not part of company.com from ever joining this room.”
This will create a non-federating room. No data from these rooms is ever sent outside your server. Rooms can be used for strictly company internal messaging.
Create new room: Private, enable E2EE if needed.
Go to Room settings / Roles and permissions. Set role for “Invite users” to “Moderator” or “Admin” as required.
This room can be used for discussing projects by company employees, but privileged users can also invite customers, subcontractors or other outside participants to join the room.
The messages are readable only by the invited users. The data is sent only to the invited user's servers. There is no central server (not even matrix.org) that can see any of the data. If the room is E2EE encrypted, the message content is readable only by the user's clients, not even their servers. This applies also to shared files – in E2EE rooms they are also encrypted.
Public rooms (contact, recruitment, support..)
Create new room: Public, do not enable E2EE, add a nice address for the room. Add link to the room to company web page.
These rooms can be used as public contact points for your company. Move discussions to direct messages if non-public information needs to be discussed with user.
Spaces can be used to group rooms, but also limit users who can join rooms. You might want to create space for all employees containing company rooms.
For extra security you can mark company internal rooms to require membership in company space. You can add more spaces freely for different parts of organization (sales, marketing, management) and use them to limit who can join which rooms.
Room Access Control Lists
This feature is not exposed in Element UI yet so it requires some API usage. You can setup per-room server access control lists to white/blacklist servers that can participate in a room.
For extra layer of security you may want to add room ACL in some rooms. For example if you want to allow only users from company.com and customer.com to join, you might want to set them to allow-list of the room and deny others. This way even admins or moderators cannot invite outsiders to this room. See this page for documentation.
Room ACL's also make it possible to make public rooms which can be joined from specific servers without invite.
- Don't disable federation. It's a powerful feature and does not compromise security if used correctly.
- Matrix is still suffering from chicken and egg problem. This is like 1995 for e-mail and will hopefully change in future. Be ahead of the curve.