Security for Jive Mobile

Jive Mobile includes security features for user registration and access, data storage, and transmission. The Mobile Gateway is audited daily by McAfee Secure.

The Jive Mobile plugin relies on a mobile gateway that acts as a proxy and is hosted in Jive Software’s U.S.-based and Amsterdam-based data centers.

To learn more about the security of Jive, be sure to read Jive Security.

Data Storage

The Jive Mobile Gateway stores the information it needs to communicate with your Jive community, such as which version of Jive you're running, as well as most of the mobile and tablet customization options you've configured from the Mobile tab of the Admin Console. No Jive user credentials or Jive community content is stored or cached by the Mobile Gateway. For more information about the security of content in your Jive instance, see Jive Security.

When using Jive Mobile via a mobile browser, you can establish a zero data footprint by setting the core API Cache-Control header on everything as follows:
  • no-cache
  • no-store
  • must-revalidate
  • private
  • max-age=0
In addition, you can suppress the ability to download binary documents with a customization. Contact Jive Support for more information.
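
One way to confirm that responses actually carry the directive set listed above is to audit the returned Cache-Control value. This is an added example, not Jive code; the function names and the sample header values in the comments are constructed for illustration.

```python
import re

# Directive set taken from the list above; max-age is checked separately.
REQUIRED = {"no-cache", "no-store", "must-revalidate", "private"}
REQUIRED_MAX_AGE = 0

# directive name, optionally followed by =token or ="quoted string"
_DIRECTIVE = re.compile(r'([^\s,="]+)(?:\s*=\s*("[^"]*"|[^\s,]*))?')

def parse_cache_control(values):
    """Merge one or more Cache-Control header values into {name: arg or None}."""
    directives = {}
    for value in values:
        for name, arg in _DIRECTIVE.findall(value):
            directives[name.lower()] = arg.strip('"') or None
    return directives

def audit(values):
    """Return a list of problems; an empty list means the directive set is met."""
    d = parse_cache_control(values)
    problems = [f"missing {name}" for name in sorted(REQUIRED - set(d))]
    max_age = d.get("max-age")
    if max_age is None:
        problems.append("missing max-age=0")
    elif not max_age.isdigit() or int(max_age) != REQUIRED_MAX_AGE:
        problems.append(f"max-age is {max_age}, expected 0")
    # no-cache="field" / private="field" only cover the named header fields,
    # so the qualified form does not satisfy the unqualified requirement.
    for name in ("no-cache", "private"):
        if d.get(name):
            problems.append(f"{name} is limited to fields: {d[name]}")
    if "public" in d:
        problems.append("conflicting directive: public")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not captured from a real Jive instance.
    good = ["no-cache, no-store, must-revalidate, private, max-age=0"]
    weak = ["private, max-age=3600"]
    print(audit(good))
    print(audit(weak))
```

Feed it every Cache-Control line from a response, since a proxy or application server may emit the directives across more than one header line.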

Data Transmission

Mobile Client to and from the Mobile Gateway:
This connection is always secured by HTTPS.
Mobile Gateway to and from your Jive instance:
The Mobile Gateway proxies requests from the mobile client to the Jive instance's gateway access URL. Therefore, we recommend all Jive users specify an HTTPS URL for the gateway access URL. The gateway can be configured to strictly validate the Jive instance's SSL certificate.

User Authentication and How It Works

In an external community (typically for customers, vendors, and other external audiences), Jive Mobile proxies usernames and passwords through the Mobile Gateway for authentication by your Jive community, using the Jive user database, LDAP, or Jive delegated authentication. In an internal Jive community (typically for employees only), Jive Mobile defaults to mobile device registration, which provides compatibility with SSO integrations. (You can switch this default behavior; contact your Jive Software representative for more information.)
Here's how mobile device registration works:
  1. The user logs in to the community via SSO from their desktop and goes to Preferences > Mobile to add and register their mobile device(s).
  2. Jive provides the user a single-use activation code for each device.
  3. The user goes to the community URL on their mobile device, enters the activation code, and re-enters their community username and password as an extra validation step. (This process occurs only once. Users can invalidate mobile device access at any time by removing the device(s) from their Preferences.)
The security benefits of mobile device registration include:

Here is the basic workflow of mobile:

[Figure: Mobile Workflow]

Passcode Option

For communities using mobile device authentication, Jive Software offers an additional layer of mobile device protection that requires users to enter a device-specific passcode each time they access the community from their mobile device. If you are interested in this feature, contact your Jive Software representative.

Mobile On-prem Option

The standard Mobile plugin is available to hosted or on-prem Jive customers. If your organization has a strict ban on hosted services, Jive Software offers an on-prem Mobile plugin option that does not require the Jive Mobile Gateway, but has limited capabilities and features. If you are interested in this version, ask your Jive Software representative for more information.