This article describes the process to follow when configuring Single Sign-On (SSO) with Security Assertion Markup Language (SAML).
The same process also applies when you need to change your Metadata file: follow the steps described in the Solution, using your new Metadata (sometimes called Federation Metadata). For example, if the SSO server was updated or changed, your SSO is not working, and all your users are unable to log in, you need to change your metadata to match the metadata of the SSO server.
Depending on your requirements, you can use SAML solely for authentication of users; for group authorization; or for populating the Jive profile by synchronizing from the Identity Provider (IdP) on login.
1. Navigate to Admin Console > People > Settings > Single Sign-On > SAML.
2. Download the SP Metadata file that you will need to provide to your Identity Provider. SP stands for "Service Provider", which acts as a client to your identity server, called the IdP (Identity Provider).
3. Click on the IdP Metadata tab.
4. In the Metadata tab, paste in the XML containing the connection metadata that you received from your IdP.
5. Click on Save Settings to load it.
6. In the User Attribute Mapping tab, map the user attributes in the Jive profile to your IdP's attributes.
7. If you want to assign users to groups by passing a special group attribute from your IdP to Jive, select Group Mapping Enabled.
8. Click on Save Settings.
9. Restart the Jive community.
You need Full Admin permissions in order to perform steps 1 to 8.
You need Jive Cloud Admin (JCA) with Restart Capability in order to perform step 9. JCA is available for both Cloud and Hosted customers, but only Hosted customers can perform a restart. This is not an issue for On-Premise customers, who can perform the restart directly since they have physical access to the Jive server. You can reach out to Support if you are not able to perform any of the required steps.
- Before you configure SSO, make sure you have a migration strategy for any existing Jive users. Implementing SSO without migrating your users to your new authentication provider will orphan existing user accounts, and local users will not be able to access their community content.
- Setting up Jive authentication in a complex environment can be a difficult task. If you prefer, you can engage Jive Professional Services to help you design and implement the best solution for your needs.