Overview
You have to map attributes from your SAML SSO Identity Provider to the fields offered by your Jive community, to accurately synchronize authentication and user data.
This article provides you general tips on determining the IdP's attributes and lists the Jive's required fields for SAML SSO mapping.
Information
Determining the IdP's Attributes
The easiest way to figure out how your IdP's attributes are set, is to set the Email field in the General tab of Jive to something you know is not in the response, like xxxxemail.
You can then look at the error message for all the available attributes in the SAML Response. Many IdPs assign both a Name
and a Friendly Name
to each assertion attribute. When you are setting up Attribute Mapping, you should use Name
.
By default, user mapping uses the SubjectNameID
attribute which defines the user name as a unique identifier to link the Jive account with the IdP identity. You can use a different attribute for either the user name or the External Identifier. The External Identifier should be a value that will remain the same even if the user name and email address change. In ADFS, this attribute will typically be a unique objectGUID
attribute.
For ADFS, the Name
value typically looks like a URL, for example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
.
Jive does not support mapping to complex profile fields, such as multiple select lists or addresses.
Required Mapping Fields
By default, Jive user accounts require Username
, Email
, Firstname
, and Lastname
to be populated. If your SSO server will be used to generate accounts automatically on login, make sure the following fields are mapped:
ExternalIdentity
Username
Email
Comments
0 comments
Article is closed for comments.