Advanced SAML Integration Settings

The settings on the Advanced tab are used to refine and troubleshoot a SAML integration.

The following settings on the Advanced tab control less commonly used SSO configuration options.
Base metadata URL

This value sets the desired URL for the entityID and endpoint URLs. This URL should use https. If you aren't using a URL with https, you need to get help from Support to continue setting up SSO.

Enable Username Confirmation for New Users, Enable Email Confirmation for New Users, Enable Name Confirmation for New Users
These settings define the behavior for new users when they first log in. When they're selected, users will be asked to confirm that they want to use their Single Sign-On credentials to interact with the community. By default, these settings are all disabled, since in most cases the intended result is for users to log in using SSO. The Enable Name Confirmation setting has an additional application when users typically log in with either a single-word username or an email address, but may need the option to provide a first/last name combination. If you select this check box, users can write to those profile fields after initial login.
Note: These fields also apply to any users who may be logging into your community using External ID.
Passive Authentication
When guest access is enabled, Jive issues a SAML AuthnRequest with "isPassive=true" upon first access, which should cause the IdP to simply redirect back to Jive if the user doesn't have an active session with the IdP. Note that in 5.0.3, this does not exclude robots, so an instance is effectively excluded from Google or Facebook share, because those bots cannot navigate the SSO process (even though they don't need to authenticate). If you need to list your site on Google or share it on Facebook, don't enable this setting.
NameID Format
For most IdPs, using the default setting is correct.
NameID Allow Create
By default, this check box is cleared. You should leave it cleared unless you receive an error about NameID creation while setting up your SAML integration.
Force Authentication
Forces any user with an existing IdP session to log in again.
Sign Metadata
Specifies that metadata should be signed. You should clear this check box unless your IdP requires that the metadata be signed. If you use ADFS, you must clear this check box.
Requested AuthnContext
Along with Requested AuthnContext Comparison, this optional setting is used to add additional information to requests in certain specific cases. It's disabled by default.
Requested AuthnContext Comparison
Along with Requested AuthnContext, this optional setting is used to add additional information to requests in certain specific cases. It's disabled by default.
RSA Signature Algorithm URI
This setting is used to troubleshoot ADFS integrations.
Key Store
This feature is used by Support for troubleshooting.
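
When troubleshooting, it helps to confirm what the service provider actually sends to the IdP. The following is an added example, not Jive code: it decodes a SAMLRequest value from the HTTP-Redirect binding and reports the Passive Authentication, Force Authentication, NameID and Requested AuthnContext values it carries. It assumes each setting maps to the standard SAML 2.0 attribute of the same name (the page confirms only isPassive); the sample request, hosts and function names are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated size; guards against decompression bombs

# Constructed sample request; hosts, paths and ID are placeholders.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1"'
    ' Version="2.0" IssueInstant="2024-01-01T00:00:00Z" IsPassive="true"'
    ' ForceAuthn="true"'
    ' AssertionConsumerServiceURL="http://community.example.com/saml/sso">'
    '<saml:Issuer>http://community.example.com/saml</saml:Issuer>'
    '<samlp:NameIDPolicy AllowCreate="false"'
    ' Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>'
    '<samlp:RequestedAuthnContext Comparison="minimum"><saml:AuthnContextClassRef>'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>'
    '</samlp:AuthnRequest>')

def encode_redirect(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def decode_redirect(value):
    """Reverse of encode_redirect for an already URL-decoded SAMLRequest value."""
    d = zlib.decompressobj(wbits=-15)
    xml = d.decompress(base64.b64decode(value), MAX_XML)
    if d.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized request or DTD present; refusing to parse")
    return ET.fromstring(xml)

def audit(root):
    """Report which advanced settings are visible in the AuthnRequest."""
    true = ("true", "1")
    pol = root.find("samlp:NameIDPolicy", NS)
    ctx = root.find("samlp:RequestedAuthnContext", NS)
    r = {"passive": root.get("IsPassive") in true,
         "force_authn": root.get("ForceAuthn") in true,
         "nameid_format": None if pol is None else pol.get("Format"),
         "allow_create": pol is not None and pol.get("AllowCreate") in true,
         "comparison": None if ctx is None else ctx.get("Comparison", "exact"),
         "authn_context": [] if ctx is None else
             [e.text.strip() for e in ctx.findall("saml:AuthnContextClassRef", NS)],
         "warnings": []}
    if r["passive"] and r["force_authn"]:
        r["warnings"].append("IsPassive and ForceAuthn are both true")
    if not root.get("AssertionConsumerServiceURL", "https://").startswith("https://"):
        r["warnings"].append("AssertionConsumerServiceURL is not https")
    return r
```

The sample deliberately sets both IsPassive and ForceAuthn and uses an http endpoint, so audit() returns two warnings: an IdP generally cannot honor a passive request that also demands re-authentication, and the endpoint check mirrors the https requirement for the Base metadata URL.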