Skip to main content

Mapping users and groups from a directory server

If you are provisioning users from a directory server, you can use the User Mapping tab to map selected user fields and the Group Mapping tab to connect LDAP groups to Jive for managing user permissions and synchronization.

Before you begin, make sure you have an active connection to an LDAP directory server in the Server Configuration tab to see the other configuration tabs.

Fastpath

Admin Console: People > Settings > Directory Server Settings > User Mapping and Group Mapping

User Mapping

You can use the User Mapping tab to determine what information LDAP and Jive share and how they keep user information synchronized. You can also specify how Jive identifies external users who have access to externally accessible groups, and which users marked in LDAP are disabled in Jive.

To set up User Mapping:

  1. In the Admin Console, click People > Settings > Directory Server Settings.

  2. In the User Mapping tab, map the user account fields to connect user accounts based on the LDAP fields to be used to create and enable a Jive account based on the directory listing.

  3. If you plan to enable Externally Accessible Groups and want to identify users based on an LDAP match rather than by inviting them directly from the social group, specify a name-value pair by using the User Type Field and External Contributor User Type Value settings.

  4. If you want to disable Jive user accounts by identifying them in LDAP, specify a name-value pair using the User Disabled Field and User Disabled Field Value settings.

    You may do this by using a field that is predefined for this purpose, or you can use any other available name-value pair to disable users based on an attribute. You must also select Disable federated user accounts not found in the directory in the User Synchronization tab.

    For example, Active Directory uses UserAccountControl=514 to mark disabled users: you can specify UserAccountControl as the User Disabled Field and 514 as the User Disabled Value.

  5. Specify any profile fields you want to synchronize by providing the field information from your directory.

  6. If you want to narrow down the number of users to be synched, use the User Filter and User RDN fields to apply the user filters. For more information about preparing user filters, see Overview of directory server integration steps.

Group Mapping

If you are provisioning users from a directory server, you can maintain permission groups in Jive or use your LDAP permission groups.

To connect your LDAP groups to Jive:

  1. In the Admin Console, click People > Settings > Directory Server Settings.

  2. Make sure you defined a valid connection to an LDAP directory server in the Server Configuration tab.

    If you don't have a working connection established, you won't be able to see the rest of the configuration tabs.

  3. If necessary, define and save user mappings. For more information, see Mapping users from a directory server.

  4. In the Group Mapping tab, select Use LDAP to manage Groups and provide the group mapping information for your directory server.

  5. Click Test Settings to validate group mappings against the directory server.

  6. Click Save to save group mapping.

Important

Recommendations for synchronizing permission groups:

  • When syncing LDAP groups to Jive, you should sync only the groups used by Jive. If you leave the Group Filter with the default setting, Jive will sync all groups a user is assigned to in LDAP.
  • Maintaining less than 500 Jive user groups simplifies administration and minimizes any performance impact from having too many groups.
  • After mapping groups from a directory server, you need a migration strategy to switch back to Jive for maintaining groups.

Note: A LDAP group is synced into Jive only when a user from that LDAP group logs into your community. For more information, see Synchronizing LDAP users.

Related

Setting up LDAP and Active Directory