Before you configure SSO, make sure you have a migration strategy for any existing Jive users. Implementing SSO without migrating your users to your new authentication provider will orphan existing user accounts, so users can't access their community content.
You can use the SAML settings dialogs to set up single sign-on with an SAML identity
provider, or to enable, disable, or tweak a configured SAML SSO configuration.
To begin setting up
the connection between Jive and your identity provider, use the following steps:
In the Metadata tab, paste in the XML containing the connection metadata. Click Save Settings to load it.
In the User Attribute Mapping tab, map the user attributes in the Jive profile to your
IdP's attributes. For more information about this topic, see User Attribute
Mapping. Note that importing or saving your metadata populates the General tab
with a list of attributes from your IdP, so you can use it as a reference when you specify
the attributes you want to map.
If you want to assign users to groups by passing a special group attribute from your IdP
to Jive, select Group Mapping Enabled.
Click Save Settings.
Click Download Jive SP Metadata at the top right of the SAML tab
to download the Service Provider metadata you'll need to complete your IdP-side
User Attribute Mapping
User Attribute Mapping
is used to identify fields in the Jive profile that you plan to
populate from the IdP profile by synchronizing them on login. To map a field, specify the
exact IdP attribute used to identify it in the text box and select the
Federated check box. Any fields you don't map will be
user-configurable in the Jive profile settings. (A field that you specify, but do not mark as
federated, will be populated with the specified value but still configurable.) By default, Jive uses the NameID property as
the key unique identifier for a user. You can select Override Subject NameID for
Username and specify a different attribute if you want to use a different key
You can assign users to security groups automatically by
passing a special group attribute from the IdP to Jive. Select Group Mapping
Enabled on the Advanced tab to enable this functionality and provide the group
mapping attribute. The group mapping attribute will be used to get security group names from
each assertion. If the corresponding groups with these names don't exist, they will be created
when you synchronize, and users will be added to these groups. Note that SAML SSO does not
support mixed group management. You can either manage your permissions groups using the IdP, or
using permission groups created in Jive.