Getting Ready to Implement SAML SSO

Before you begin configuring a SAML SSO implementation, make sure you read about the requirements and best practices.

A successful SAML implementation requires the following prerequisites.

SSL Implementation

It is theoretically possible to implement SSO without SSL, but this raises some difficult security challenges. You should implement SSL, and you'll find it much easier to set up SSO if your jiveURL uses https, not http.

Disable Storage Provider File System Caching

Before you begin setting up SAML, go to System > Settings > Storage Provider and click Edit. Then select No under Cache Enabled. You won't be able to modify your IdP metadata unless caching is disabled.

LDAP Integration

If you're going to use LDAP in conjunction with SAML, we recommend using SAML for authentication only, while using LDAP for user provisioning, user deprovisioning, and profile synchronization. LDAP setup can be a lengthy process including VPN setup and testing, so allow time for this setup process if you're implementing LDAP as part of your SSO implementation.

Migrating Existing Jive Users

Before you implement SAML, make sure you have a migration strategy for any existing Jive users. Implementing SSO without migrating your users to your new authentication provider will orphan existing user accounts, so users can't access their community content. If you use LDAP sync, CSV sync, or web services to auto-provision users, you can use Username Identity to look up existing users by username. If you don't, you can manually create users in the new jiveexternalidentity table. Please contact Support for help if you're planning to use this approach.

If you use Username Identity, you need to make sure your existing users are marked as federated users. Jive Support can help you with this step.
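A pre-migration audit along these lines can show which existing accounts would be orphaned or still need the federated flag before Username Identity is switched on. This is an added example, not Jive code: the two CSV exports, their column names (`username`, `federated`) and the function name `audit_migration` are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample exports. The column names are assumptions for this
# example, not a documented Jive or IdP export format.
JIVE_USERS_CSV = """username,federated
alice,true
bob,false
Carol,true
dave,true
"""

IDP_USERS_CSV = """username
alice
bob
carol
erin
"""

def audit_migration(jive_csv, idp_csv):
    """Classify existing community users ahead of a username-based lookup."""
    idp_exact = {r["username"] for r in csv.DictReader(io.StringIO(idp_csv))}
    idp_folded = {u.casefold() for u in idp_exact}
    report = {"ready": [], "not_federated": [], "case_mismatch": [], "orphaned": []}
    for row in csv.DictReader(io.StringIO(jive_csv)):
        name = row["username"]
        federated = row["federated"].strip().lower() == "true"
        if name in idp_exact:
            # Exact username match: usable once the account is marked federated.
            report["ready" if federated else "not_federated"].append(name)
        elif name.casefold() in idp_folded:
            # Differs only by case. The page does not say whether the lookup
            # is case-sensitive, so flag these for manual review.
            report["case_mismatch"].append(name)
        else:
            # No counterpart at the IdP: this account would be orphaned.
            report["orphaned"].append(name)
    return report

if __name__ == "__main__":
    for bucket, names in audit_migration(JIVE_USERS_CSV, IDP_USERS_CSV).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Anything in `orphaned` or `case_mismatch` needs a decision before cutover, and `not_federated` is the list to raise with Jive Support.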

Required Information

Before you begin the configuration process, you must have the following information available:

Planning for Jive User Provisioning and Profile Synchronization

When you implement SAML, you need to decide on a strategy for which members of your organization will be included in the Jive Community, and with what rights. For example, you'll need to decide whether all your organization's users should be able to create accounts in the Jive community, and whether you will assign them to authorization groups. If you're primarily responsible for the technical implementation of this feature, make sure you discuss these decisions with your Community Administrator.