Security for SharePoint

Jive integrates with SharePoint without sacrificing security. This topic describes the security behind Jive and SharePoint authentication and how Jive secures your content.

For security and data integrity, documents that you upload directly into Jive are stored in hidden libraries on the SharePoint site. The binaries aren't directly available to a regular SharePoint user. This means that if you have SharePoint site permissions but not Jive permissions, you will not be able to access any Jive documents. It also means that Jive for SharePoint can't capture any changes made to these documents from SharePoint, so they are only available via the Recent Activity or Jive Content web parts. You can always access these documents via the web parts and download them directly from there.

Connection and Authentication

When permissions are passed from a Jive login to SharePoint for SharePoint-based permissions, Jive for SharePoint uses the core application's user credentials. These credentials are specified in the connection settings on the Admin Console page where you set the HTTP call authentication. Jive then sets the permissions on the network credentials for the HTTP REST calls to the SharePoint Connector API, which is located in the deployed solution on the SharePoint server.

All system actions are initiated by this user, for example, creating a site, assigning permissions on a specific site, Jive document operations, and so on.
Note: The Jive document operations are limited to a hidden document library only.

The remote document, remote document tab, and preview features work by impersonating the user connected to Jive. Jive for SharePoint ensures that the user has permission to perform the action on any document by using the native Microsoft .NET API. Jive for SharePoint uses the site collection user to establish HTTP calls as described previously, but it passes the user connected to Jive as a parameter that Jive for SP needs to impersonate. Then, using the .NET SharePoint API, Jive for SP accesses the site while impersonating that user. From that point, Jive for SP relies only on SharePoint security and the .NET object model to access the resources as the impersonated user.

Because of a limitation in SharePoint 2007, 2010, and 2013 that does not allow any impersonation on the search service, Jive for SP calls the search page on the SharePoint server from the Jive core. If the user is not authenticated to SharePoint, the user will be required to enter their SharePoint credentials to get search results from SharePoint. This is the only feature that establishes a call from the client station to SharePoint directly.

The connection between SharePoint and Jive for SP is made at the site-collection level, and the Jive administrator can connect Jive to multiple site-collections. For each site-collection, the admin can set a different system account, which needs to have full control on that site-collection. In the Admin Console, the Jive administrator selects the default site-collection and a site inside it to be the parent of all Jive-created sites.

All of the site-to-site mapping is done via Jive; nothing is needed from SharePoint. The mapping occurs during the creation of a Jive group or space; the admin creating that place in Jive sets up the map to the existing site (or chooses a newly created site).

Jive for SharePoint Content Permissions

For Jive-native documents:
Native Jive documents created in the Jive for SP group or space use the permissions set in that place.
Federated Search from Jive (search in Jive returns results from SP as well):
Because Jive for SP uses the browser to establish the connection, the permissions are managed by SharePoint and thus will show the results for that user only.
For SharePoint-native documents:
Jive for SP adds 3 groups when a site is connected to Jive. Jive only adds users to those groups in order to manage the permissions in SharePoint when a user is invited to or deleted from Jive's group web page.