Several built-in security features allow you to configure your Jive community
for the appropriate level of security for your organization.
Using the Admin Console, you can configure Jive to
strongly discourage automated (computer-driven) registration and logins.
Automated registration is usually an attempt to gain access to the
application for malicious reasons. By taking steps to make registering and
logging in something that only a human being can do, you help to prevent
automated attacks. We recommend using the following tools, all of which are
available as options in the Admin Console:
Login Throttling: Enabling login throttling slows down the login
process when a user has entered incorrect credentials more than the
specified number of times. For example, if you set the number of
failed attempts to 5 and the forced delay to 10 seconds, and a user
fails to log in after more than 5 attempts, the application would
force the user to wait 10 seconds before being able to try
Login Captcha: Enabling login Captcha will display a Captcha image
on the login page. The image displays text (distorted to prevent
spam registration) that the user must enter to continue with
registration. This discourages registration by other computers to
send spam messages. The login Captcha setting is designed to display
the Captcha image when throttling begins. In other words, after the
number of failed attempts specified for throttling, the Captcha
image is displayed and throttling begins. You cannot enable the
login Captcha unless login throttling is enabled. The Captcha size
is the number of characters that appear in the Captcha image and
that the user must type when logging in. A good value for this is
6, which is long enough to make the image useful but short enough
to keep it easy for real humans.
Password Strength: You can choose to enforce strong passwords via
the Admin Console. The following options are available out of the
a minimum of 6 characters of any type
a minimum of 7 characters including 2 different character
types (uppercase, lowercase, number, punctuation, and/or
a minimum of 7 characters including 3 different character
a minimum of 8 characters, including all 4 character
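
The login throttling and login Captcha settings described above, modeled as an added example (this is not Jive code and not part of the original documentation). It shows how a scripted client retrying once per second is slowed to one guess per forced-delay interval, and stopped at the threshold if it cannot solve the Captcha. Assumptions: the names `LoginThrottle` and `simulate_bot` are hypothetical, failures are counted per username, throttling starts once failures exceed the setting, and an unsolved Captcha does not count as a failed login.

```python
import time

class LoginThrottle:
    """Added model of the throttling/Captcha settings; not Jive's implementation."""

    def __init__(self, max_failures=5, delay_seconds=10, captcha=True,
                 throttling=True, clock=time.monotonic):
        if captcha and not throttling:
            # The page states Captcha cannot be enabled without throttling.
            raise ValueError("login Captcha requires login throttling")
        self.max_failures, self.delay = max_failures, delay_seconds
        self.captcha, self.throttling, self.clock = captcha, throttling, clock
        self.failures = {}  # username -> (failure count, time of last failure)

    def check(self, username):
        """Return (allowed, wait_seconds, captcha_required) before verifying."""
        count, last = self.failures.get(username, (0, 0))
        # Assumption: throttling starts once failures EXCEED the setting.
        if not self.throttling or count <= self.max_failures:
            return True, 0, False
        wait = max(0, last + self.delay - self.clock())
        return wait == 0, wait, self.captcha

    def record(self, username, success):
        """Reset the counter on success, otherwise count the failure."""
        if success:
            self.failures.pop(username, None)
        else:
            count, _ = self.failures.get(username, (0, 0))
            self.failures[username] = (count + 1, self.clock())


def simulate_bot(seconds=60, solves_captcha=True, **settings):
    """Constructed scenario: a script retries a wrong password once per second.
    Returns how many guesses actually reached credential verification."""
    now = [0]  # fake clock so the simulation runs instantly
    throttle = LoginThrottle(clock=lambda: now[0], **settings)
    verified = 0
    for t in range(seconds):
        now[0] = t
        allowed, _wait, captcha = throttle.check("alice")
        if not allowed or (captcha and not solves_captcha):
            continue  # rejected before the password is even checked
        verified += 1
        throttle.record("alice", success=False)
    return verified


if __name__ == "__main__":
    print(simulate_bot())                      # throttling alone slows the bot
    print(simulate_bot(solves_captcha=False))  # Captcha stops it at the threshold
    print(simulate_bot(throttling=False, captcha=False))  # no protection
```
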
By default, Jive passes a token that persists the user session for 30 minutes from the last request. If you have a specific need to modify this limit (for example, if you need to make your Jive session timeout match the timeout of your identity provider when configuring SSO), you can use the auth.lifetime system property to set a new session timeout period in minutes. Keep in mind that increasing session duration increases security risks such as session hijacking and unattended workstation tampering. You should consult your organization's security team before you modify this value.
You can configure Jive to
require email validation for all new accounts. This setting helps to prevent
bots from registering with the site and then automatically posting content.
When you configure email validation, Jive will
require a new user to complete the registration form and retrieve an email
with a click-through link to validate their registration. To learn how to
enable this setting, see Configuring User Registration.
not offer account lockout as an out-of-the-box feature. However, you can
configure Jive to authenticate against a third-party SSO that will perform account
includes support for SAML out of the box and can also
be implemented as a customization from Jive's Professional Services team, a
Jive partner, or an engineer of your choice. Be sure to read Getting Ready to Implement SAML SSO.
When delegated authentication is enabled and configured, Jive makes a simple Web Service
call out to the configured server whenever a user attempts to log in.
This allows administrators to control the definition of users outside of the community.
To learn more about this, see Configuring Delegated Authentication.
powerful built-in end user and admin permissions matrices, as well as customizable
permissions. Depending on the assigned role, users can see or not see specific
places and the content posted there. In addition, administrative permissions can be
used to limit the access level of administrators. Jive administrators
control user and admin permissions through the Admin Console. To learn more about
how permissions work, see Managing Permissions.
Moderation and Abuse Features
administrators can enable moderation so that designated reviewers view
and approve content before it is published in the community. This can be
useful for places that contain sensitive information. In addition to
content moderation, administrators can enable moderation for images,
profile images, avatars, and user registrations. For more about moderation,
see the Moderation section.
Administrators can enable abuse reporting so that users can report abusive
content items. To learn more about abuse reporting, see Setting Up Abuse Reporting.
Administrators can block a person's access to Jive so that they are no
longer able to log in to the community. For example, if someone becomes
abusive in their messages (or moderating their content is too
time-consuming), administrators may choose to ensure that the user can
no longer log in. Users can be banned through their login credentials or
their IP address. Be sure to read Banning People for
Interceptors can be set up to perform customizable actions on incoming requests that seek to post content.
Administrators can set up interceptors to prevent specific users from posting content, or
to filter and moderate offensive words, anything from specific IP addresses, or posts based on the posting frequency
of specific users. To learn more about how interceptors work, see Configuring Interceptors.
HTTPS encryption is required for running Jive. Jive supports TLS 1.0 and up.
Encryption at Rest
Encryption at rest is available to North American customers as an addition.
Jive uses HTTP cookies in several places in the application to
Jive and Cookies.
Note: The Jive Professional Services team can deliver security customizations if the
out-of-the-box security features do not meet the specific requirements of your