You have to map attributes from your SAML SSO Identity Provider to the fields offered by your Jive community, to accurately synchronize authentication and user data.
This article provides you general tips on determining the IdP's attributes and lists the Jive's required fields for SAML SSO mapping.
Determining the IdP's Attributes
The easiest way to figure out how your IdP's attributes are set, is to set the Email field in the General tab of Jive to something you know is not in the response, like
xxxxemail. You can then look at the error message for all the available attributes in the SAML Response. Many IdPs assign both a
Name and a
Friendly Name to each assertion attribute. When you are setting up Attribute Mapping, you should use
By default, user mapping uses the
SubjectNameID attribute which defines the user name as a unique identifier to link the Jive account with the IdP identity. You can use a different attribute for either the user name or the External Identifier. The External Identifier should be a value that will remain the same even if the user name and email address change. In ADFS, this attribute will typically be a unique
For ADFS, the
Name value typically looks like a URL, for example,
Jive does not support mapping to complex profile fields, such as multiple select lists or addresses.
Required Mapping Fields
By default, Jive user accounts require
Lastname to be populated. If your SSO server will be used to generate accounts automatically on login, make sure the following fields are mapped: