This article provides relevant information to be used when clients want to replace their LDAP-based Active Directory (AD) to use Security Assertion Markup Language (SAML)/Single Sign-On (SSO).
- Jive Interactive Intranet
- Jive Core
The manager attribute is not included by default in SAML. In the context of Jive, SAML and LDAP are used as follows:
SAML is a protocol for exchanging authentication credentials between two parties, a service provider (SP) and an identity provider (IdP). In this case, Jive plays the role of SP. The SP sends a request for authentication to the IdP, which then tries to authenticate the user.
Authentication typically uses a username and password. The IdP usually contains user information. e.g., login ID, name, email address, department, and phone. After authenticating the user, the IdP sends a SAML XML response message back to the SP, which logs the user in.
LDAP is a protocol used to maintain directories across a network. The most common use case is for user directories, like the User Directory Infrastructure. When you integrate with LDAP, Jive will authenticate against your directory server.
During the setup, you specify which users and groups defined in the directory server you want the application to use.
Jive includes the Organization Chart functionality out-of-the-box, which is populated with data obtained from LDAP and its hierarchical directory, using the manager attribute as the link between users; Jive can use SAML for the same purposes, except for Organization Chart syncing.
A custom field can be set in the IdP to include a reference to the user's manager, e.g., the username, email, etc., but Jive will not use it to link the users together and form a hierarchy within Jive (although the custom field would be mapped). The login could be maintained on the IdP side, and Jive will synchronize the user's data, including the custom field, when the user logs in.
Note: SAML performs the data syncing when users log in only.
You need to set a Custom Profile field in Jive that can map the SAML assertion from your IdP to populate this custom field:
- Create the custom field in Jive by navigating to Admin Console > People > Settings > Profile Settings > Custom Profile Fields > New Field. Refer to Creating New User Profile Fields for more information.
- Once completed, the profile field will automatically show up in Admin Console > People > Settings > Single Sign-On > SAML > General > User Attribute Mapping, where you can map it to the SAML user attribute you want. Change the SAML Metadata settings (it requires a restart).