Configuring SSO with external login

Here you find instruction on enabling SSO with Facebook Connect and Google OpenID Connect.

Fastpath: Admin Console > People > Settings > Single Sign-On > External Login

You can enable either external login or externally accessible groups.

Important: Before you configure SSO, make sure you have a migration strategy for your existing Jive users. Implementing SSO without migrating your users to your new authentication provider will orphan existing user accounts, so users can't access their community content. For more information, see Understanding SSO with external login.

To implement SSO for Jive with external logins, you set the Single Sign-On > External Login page to Enabled. If you disable an external login type after enabling it, Jive users will need to authenticate against Jive directly instead of using an external login.

To troubleshoot authentication problems, you can enable Debug Mode on the Single Sign-On > External Login page. You should disable this setting in production.

Facebook Configuration

Before you can enable Facebook login, you need to create an app on the Facebook developer site. Then you should provide your app credentials (the Application ID and secret) in the Jive application to complete SSO authentication with Facebook.

To enable Facebook authentication:

  1. Set up an app on the Facebook developer site. When you're creating your Facebook app, you need to provide your Jive URL for both the App Domains field and the Website with Facebook Login field.
  2. Make a note of both the application id and the application secret: you need them to configure SSO.
  3. In the Admin Console, on the People > Settings > SSO > General tab, select the Enable Username Confirmation for New Users check box.
  4. On the People > Settings > Single Sign-On > External Login tab, under Facebook, provide the client ID and secret.

Google OpenID Connect Configuration

Google OpenID Connect requires an ID and secret from a Google Developers Console project. You can the instructions on obtaining the ID and secret on the Google Identity Platform at https://developers.google.com/identity/protocols/OpenIDConnect.

Google OpenID Connect replaces OpenID 2.0, which is no longer supported by Google. You should only need to specify a realm in case of a migration.

To enable SSO with Google on the Jive side:

  1. In the Admin Console, on the People > Settings > SSO > General tab, select the Enable Username Confirmation for New Users check box.
  2. On the Single Sign-On > External Login tab, under Google OpenID Connect, provide the client ID and secret.