Everything you need to make Obsidian multiplayer at work

Everything you do in Obsidian, now multiplayer

Real-time collaboration

Live, multiplayer editing inside the vault your team already uses.

  • Live co-editing — multiple people edit the same document with changes appearing instantly.
  • No merge conflicts, ever — concurrent edits reconcile automatically.
  • Live cursors and presence — see who is in a document, color-coded, with names attached.
  • Works across file types — Markdown, Canvas, Bases, plain text, JSON, YAML, and binaries.
  • Keep working offline — edits sync back up the moment you reconnect.

Native Obsidian integration

An Obsidian plugin. Not a web app pretending to be one.

  • Installs as an Obsidian plugin — no browser tabs, no second app.
  • Right-click any folder to share it; a network icon marks it shared.
  • Remote changes write directly to your local files; your edits propagate the same way.
  • Connection status — connected / syncing / disconnected — lives in the Obsidian footer.
  • Canvas and Bases come with the folder, not as a future roadmap item.
  • Invite links open the shared folder directly in Obsidian via a custom protocol handler; 1-, 7-, or 30-day expiry.

Access control, without the ceremony

Owner, Editor, Viewer — enforced on the server, not the client.

  • Three-tier roles per shared folder: Owner, Editor, Viewer.
  • Server-enforced permissions — Viewers physically cannot send edits.
  • Open a folder to the whole organization with a default role for everyone.
  • Map corporate directory groups to shared folders for bulk access.
  • Role changes apply in real time, even to documents that are already open.

The enterprise plumbing, documented

Enterprise identity & SSO

Standards-based SSO and automated provisioning with your IdP.

  • OIDC and SAML 2.0 — Okta, Azure AD, Google Workspace, Keycloak, and any standards-compliant IdP.
  • SCIM 2.0 provisioning — create, update, deactivate, and group-sync users automatically.
  • Secure desktop authentication — modern OAuth flows without embedded client secrets.
  • Require SSO-only authentication; disable local password accounts entirely.
  • Automatic deprovisioning — when your IdP removes a user, sessions are revoked and seats are freed immediately.

Deployment flexibility

Managed cloud with tenant isolation, or bring it entirely in-house.

  • Managed hosting — each customer gets a dedicated, isolated AWS account with its own database and compute.
  • Self-hosted — a single Docker image plus docker compose; bring your own PostgreSQL.
  • Air-gap friendly — self-hosted deployments make zero outbound network calls.
  • Offline license keys — no license server, no phone-home requirement.

Security & compliance

Per-tenant isolation, full audit trail, and data-subject endpoints built in.

  • Per-tenant AWS account isolation — separate accounts, not separate database rows.
  • AES-256 encryption at rest; TLS 1.2+ in transit.
  • Full audit trail — every login, role change, file access, provisioning event, and admin action.
  • Audit export — CSV and JSONL for your SIEM.
  • GDPR and CCPA data-export and PII-erasure endpoints built in.
  • Continuous threat detection across all tenants.
  • SOC 2 Trust Services Criteria controls mapped — access control, change management, logging, data segregation, availability. See the security page for the full story.

Administration

One web dashboard for everything your admins and security team need.

  • Admin dashboard for users, rooms, IdP configuration, sessions, audit logs, and seat status.
  • Per-organization users, rooms, configuration, and admin roles.
  • Per-endpoint rate limits on login, invite creation, SCIM calls, and provisioning.
  • Session management — list active sessions by IP and device; force sign-out for any user.
  • Full user lifecycle — invite, activate, deactivate, reactivate, export, or erase.

Operational reliability

Auto-scaling, canary deploys, and point-in-time backups on the managed plan.

  • Auto-scaling Fargate tasks based on CPU load.
  • Zero-downtime rolling deploys with circuit breaker and automatic rollback on failure.
  • Automated backups with 7-day retention and point-in-time recovery.
  • Canary deployments — new versions go to a canary tenant first; fleet rollout halts on failure.
  • Per-tenant monitoring — seven alarms covering 5xx rate, latency, CPU, storage, connections, and task health.
  • Fleet dashboard aggregating active tenants, error rates, latency, and resource utilization.

Observability & monitoring

The telemetry your platform team already knows how to consume.

  • Prometheus metrics — active WebSocket connections, HTTP request counts, database pool stats.
  • Structured JSON logs with request IDs, status codes, and latency on every request.
  • Readiness and liveness health endpoints for container orchestration.
  • Automated post-deploy smoke tests — health, API version, OAuth discovery, and WebSocket upgrade.

See it in your vault

Tell us about your team and your IT requirements. We'll walk through a deployment that fits.

Contact Sales