This article intends to provide a detailed description of the common terminologies used while configuring SAML SSO with Jive. You can refer to this article to understand the terms used in the SAML SSO configuration-related articles.
IdP - Identity Provider
- The IdP is the SAML Service that the customer is providing. Put another way - the customer provides the identity of the users.
SP - Service Provider
- Jive acts as the Service Provider. Put another way - Jive provides the service that the users will be logging into.
SP Metadata XML
- The SP Metadata contains information that the IdP needs to communicate with Jive via SAML.
- Available at https://jiveurl/saml/metadata once SAML is enabled.
- The entityID is a string that Jive and the IdP use to uniquely identify each other.
- It is available as an attribute of the metadata EntityDescriptor. For Jive, this is the SSO baseURL, which defaults to the jiveURL.
IdP Metadata XML
- The IdP Metadata describes to Jive what to expect from the SAML response. It lists what user fields are present and describes the format of the response.
- This information is provided by the customer. It is configured in the Admin Console, either by providing the URL of the metadata or by pasting in the XML.
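To make the SP and IdP metadata terms above concrete, here is an added example (not Jive's code) that parses both documents with the standard library, pulls out the entityID, endpoints and signing certificate the glossary describes, and checks that the pair is consistent before it is saved in the Admin Console. Both metadata documents are constructed for the example; every URL, entityID and certificate in them is a placeholder, and the `https://jive.example.com` baseURL is an assumption.

```python
"""Extract from SP and IdP metadata the fields the glossary names and
check they agree. Added example, not Jive's code; the two metadata
documents are constructed and every URL and certificate is a placeholder."""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed SP metadata, shaped like what an SP serves at .../saml/metadata
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://jive.example.com">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://jive.example.com/saml/SSO" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP metadata, as a customer might paste into the Admin Console
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC-PLACEHOLDER-BASE64</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Return the entityID and endpoints an IdP admin needs from SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or sp is None:
        raise ValueError("not SP metadata")
    return {
        "entityID": root.get("entityID"),
        "acs_urls": [a.get("Location") for a in sp.findall("md:AssertionConsumerService", NS)],
        "wants_signed_assertions": sp.get("WantAssertionsSigned") == "true",
        "nameid_formats": [n.text for n in sp.findall("md:NameIDFormat", NS)],
    }


def parse_idp_metadata(xml_text):
    """Return the entityID, SSO endpoints and signing certs the SP needs from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        raise ValueError("not IdP metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute means signing and encryption
            for c in kd.findall(".//ds:X509Certificate", NS):
                certs.append(c.text.strip())
    return {
        "entityID": root.get("entityID"),
        "sso_urls": [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)],
        "signing_certs": certs,
    }


def check_pairing(sp, idp, expected_base_url):
    """List configuration problems between parsed SP and IdP metadata; empty means consistent."""
    problems = []
    if sp["entityID"] != expected_base_url:
        problems.append(f"SP entityID {sp['entityID']!r} is not the SSO baseURL {expected_base_url!r}")
    for url in sp["acs_urls"]:
        if not url.startswith(expected_base_url + "/"):
            problems.append(f"ACS URL {url!r} is not under the SSO baseURL")
    if not sp["wants_signed_assertions"]:
        problems.append("SP does not require signed assertions")
    if not idp["signing_certs"]:
        problems.append("IdP metadata carries no signing certificate, so responses cannot be verified")
    if not idp["sso_urls"] or not all(u.startswith("https://") for u in idp["sso_urls"]):
        problems.append("IdP SingleSignOnService is missing or not HTTPS")
    if sp["entityID"] == idp["entityID"]:
        problems.append("SP and IdP share an entityID; they must be distinct")
    return problems
```

Run `check_pairing(parse_sp_metadata(SP_METADATA), parse_idp_metadata(IDP_METADATA), "https://jive.example.com")` and an empty list means the entityID matches the SSO baseURL, the IdP has published a signing certificate and an HTTPS SSO endpoint, and the SP insists on signed assertions; any string in the list names the mismatch to fix before enabling SSO.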
Single Sign-On (Introduction)
Single Sign-On (SSO) is a property of access control across multiple related but independent software systems. With it, a user logs in once with a single ID and password and gains access to the connected system or systems without being asked for different usernames or passwords, or, in some configurations, is signed on at each system seamlessly.
Documentation: Setting Up Single Sign-On
What is SAML?
SAML is a protocol for exchanging authentication credentials between two parties, a service provider (SP) and an identity provider (IdP).
- In this case, Jive plays the role of SP. The SP sends a request for authentication to the IdP, which then tries to authenticate the user.
- Authentication typically uses a username and password.
- The IdP typically also contains user information such as login ID, name, email address, department, and phone.
- After authenticating the user, the IdP then sends a SAML XML response message back to the SP, which then logs the user in.
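The last step above, the SP logging the user in from the IdP's XML response, is where the SP has to decide whether to trust what it received. The added example below (not Jive's code) shows the checks an SP applies to a SAML Response before accepting it: the status, that it answers the AuthnRequest the SP actually sent, that it was addressed to this SP's ACS URL and audience (the SP entityID from the metadata), that the assertion comes from the configured IdP and is inside its validity window, and only then the user attributes (login ID, email, department) are read out. The response, all URLs and the request ID `_req1` are constructed for the example; it is unsigned, so XML signature verification, which a production SP must also do and which needs an XML-DSig library, is not covered here.

```python
"""Validate the conditions on a SAML Response before logging the user in.
Added example, not Jive's code; the response is constructed and unsigned, so
XML signature verification (required in production, via an XML-DSig library)
is not covered here."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed response to an AuthnRequest with ID _req1, as the IdP would POST it to the ACS URL
RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    InResponseTo="_req1" IssueInstant="2024-01-01T12:00:05Z"
    Destination="https://jive.example.com/saml/SSO">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:05Z">
    <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.org</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req1" NotOnOrAfter="2024-01-01T12:05:00Z"
            Recipient="https://jive.example.com/saml/SSO"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://jive.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="department"><saml:AttributeValue>Engineering</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_instant(s):
    """SAML timestamps are UTC, e.g. 2024-01-01T12:00:05Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_response(xml_text, sp_entity_id, idp_entity_id, acs_url, request_id, now):
    """Return (attributes, problems); attributes are trustworthy only if problems is empty."""
    problems = []
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the AuthnRequest we sent")
    if root.get("Destination") != acs_url:
        problems.append("Destination is not our ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        problems.append(f"expected exactly one Assertion, found {len(assertions)}")
        return {}, problems
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS) != idp_entity_id:
        problems.append("assertion Issuer is not the configured IdP entityID")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("assertion has no Conditions")
    else:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if (nb and now < parse_instant(nb)) or (na and now >= parse_instant(na)):
            problems.append("assertion is outside its validity window")
        audiences = [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if sp_entity_id not in audiences:
            problems.append(f"audience {audiences} does not include our entityID")
    # Bearer confirmation: the assertion must be addressed to this ACS URL and this request
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id:
        problems.append("bearer SubjectConfirmationData does not name this SP and request")
    elif scd.get("NotOnOrAfter") is None or now >= parse_instant(scd.get("NotOnOrAfter")):
        problems.append("bearer confirmation is missing an expiry or has expired")
    # Only after the checks above are the user fields read out for the login
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    attrs["NameID"] = a.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    return attrs, problems
```

The caller passes the SP and IdP entityIDs and ACS URL taken from the metadata, the ID of the AuthnRequest it stored when it redirected the user, and the current time; an empty problems list is the only state in which the returned attributes may be used to create the session. The time is a parameter rather than `datetime.now()` so the expiry branch can be exercised deterministically, as in the usage in the accompanying checks.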
What is an IdP?
An Identity Provider (IdP), also known as an Identity Assertion Provider, is responsible for providing identifiers for users who want to interact with a system, for asserting to that system that an identifier presented by a user is known to the provider, and possibly for providing other information about the user that is known to the provider.
- This may be achieved via an authentication module that verifies a security token, which can be accepted as an alternative to repeatedly and explicitly authenticating a user within a security realm.
- In perimeter authentication, a user needs to be authenticated only once (Single Sign-On).
- The user obtains a security token which is then validated by an Identity Assertion Provider for each system that the user needs to access.
What is ADFS?
Active Directory Federation Services (ADFS) is a software component developed by Microsoft that can be installed on Windows Server operating systems to provide users with Single Sign-On access to systems and applications located across organizational boundaries.
It uses a claims-based access control authorization model to maintain application security and implement federated identity.