Overview
End users who have recently updated profile details (such as username, first name, or last name) in their LDAP profile may be unable to log in to the Jive community and see access errors. Users who try to log in see an error such as:
SSO Error
An error occurred while attempting authentication through single sign-on (SSO)
Diagnosis
This error occurs due to two user accounts existing in the Jive community with the same username or email address during LDAP sync.
Assumption
The user has a profile on both SSO and LDAP systems and both systems are configured in the Jive community.
Action
The user changes their user profile details in the LDAP system and then tries to log in to the Jive community using SSO authentication.
Expected Result
The user should be able to log in successfully, and their user profile updates should be reflected in their Jive community user account.
Actual Result
The user sees an SSO login error and is unable to access the Jive community.
Root Cause
Jive LDAP sync has a nightly task that syncs LDAP changes. When LDAP sync comes across a changed user profile that has SSO as an external identity in addition to LDAP, it creates a new user profile instead. Since this leaves two user profiles in the system, the default behavior for LDAP sync is to disable the old user profile (the one that has SSO as the external identity). This results in future SSO login failures for the user.
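The duplicate pattern described in the root cause can be found in bulk from a user export before affected users report login failures. The following is an added example, not Jive code or part of the original article; the CSV layout, column names, and sample rows are constructed assumptions, not a Jive export format.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export; the column names are assumptions, not a Jive format.
SAMPLE_EXPORT = """\
user_id,username,email,created_on,enabled,external_identity
1001,jdoe,jdoe@example.com,2019-03-14,false,SSO
2417,jdoe,john.doe@example.com,2023-06-02,true,LDAP
1002,asmith,asmith@example.com,2019-03-14,true,SSO
1003,bwong,b.wong@example.com,2020-01-09,false,SSO
2418,b.wong,B.Wong@example.com,2023-06-02,true,LDAP
1004,clee,clee@example.com,2021-11-30,false,SSO
"""

def find_duplicate_pairs(export_text):
    """Return (old_id, new_id, matched_on) for accounts sharing a username or email."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    for r in rows:
        r["created_on"] = date.fromisoformat(r["created_on"])
        r["enabled"] = r["enabled"].strip().lower() == "true"
    groups = defaultdict(list)
    for r in rows:
        # Compare case-insensitively; directory attributes often differ only in case.
        groups[("username", r["username"].strip().lower())].append(r)
        groups[("email", r["email"].strip().lower())].append(r)
    findings = set()
    for (field, _), members in groups.items():
        if len(members) < 2:
            continue
        members.sort(key=lambda r: r["created_on"])
        old, newest = members[0], members[-1]
        # Pattern from the root cause: older SSO-linked profile disabled,
        # newer profile created by the LDAP sync still active.
        if not old["enabled"] and old["external_identity"] == "SSO" and newest["enabled"]:
            findings.add((old["user_id"], newest["user_id"], field))
    return sorted(findings)

if __name__ == "__main__":
    for old_id, new_id, field in find_duplicate_pairs(SAMPLE_EXPORT):
        print(f"old profile {old_id} disabled; duplicate {new_id} shares {field}")
```

A disabled account with no matching duplicate (user 1004 in the sample) is not reported, since it does not fit the pattern this article describes.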
Prerequisites
Administrative access over your Jive instance with either Manage Users, Manage System, or Full Access permissions.
Solution
These steps will need to be performed by a Jive system administrator.
1. Log in to your Jive instance and navigate to the Admin Console.
2. Go to People > User Search and select the old user profile out of the duplicate profiles. You can use the Search option on the page and also look at the Created on column to find the profile.
3. Perform these actions (in no particular order) and then save the changes to the user profile by clicking the Save button at the bottom of the screen.
   - Unfederate the user.
   - Delete connections to all External Identities.
   - Activate the user.
   - Change the user's password using the Change Password option.
4. Find the new user profile (similar to point 2 above) and either deactivate it or delete it. You may want to take a backup of any new content that the user may have created.
5. Provide the username and the password to the user for accessing the Jive community.
Testing
The user will be able to log in successfully and use the Jive community with the new credentials.