Single Sign-On (SSO) allows you to integrate Jive authentication with an external identity provider (IdP). When you implement SSO with SAML 2.0, information for each user is passed from the IdP in the form of a digitally signed XML document. Microsoft Azure AD, in particular, is a popular SSO IdP. Azure AD has a number of features that differ from those of other IdPs (like Okta).
Security Assertion Markup Language (SAML) is an XML standard that facilitates the exchange of user authentication and authorization data across secure domains. Jive authentication through SAML includes the following stages:
Please see this article for a detailed look at SAML/SSO: JIVE-217 Beginner SSO/SAML
See the article on Supported Authentication Systems.
LDAP and SAML SSO are common sources of confusion:
- Both provide mechanisms for creating users and storing information about them in a central directory.
- Both are used for authenticating users.
- With LDAP, the user’s credentials are sent to Jive, and Jive does the job of authentication.
- With SAML SSO, the IdP handles the authentication and simply tells Jive whether the user has been authenticated or not. Jive does not know what authentication method is used by the IdP - it could be simply username and password-based, or there could be a mechanism for two-factor authentication.
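When SSO logins or user attributes look wrong, inspecting the XML document the IdP sent is usually the first check. The following is an added example, not Jive or Microsoft code: the function name, the sample response, its attribute names and the example.test URLs are all constructed, and the code only checks that a signature element is present; it does not verify it cryptographically.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample response (placeholder issuer, audience, user; no signature).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Assertion>
    <saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://jive.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"; normalise for fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def inspect_saml_response(b64_response, expected_audience, now):
    """Summarise a captured base64 SAMLResponse. Does NOT verify the signature."""
    # Fine for a response you captured yourself; use a hardened XML parser otherwise.
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS)
    problems = []
    if root.find(".//ds:Signature", NS) is None:
        problems.append("no ds:Signature element: response is unsigned")
    audiences = [a.text for a in cond.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("audience mismatch")
    if not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        problems.append("outside validity window")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall(".//saml:Attribute", NS)}
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attrs, "problems": problems}
```

Pass `now` as a timezone-aware UTC `datetime`; an empty `problems` list means only that these three checks passed, not that the assertion is trustworthy.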
See the following useful articles about SAML SSO and Microsoft Azure AD:
- Setting Up Single Sign On
- Microsoft Tutorial: Azure Active Directory single sign-on (SSO) integration with Jive
Users Not Syncing from Azure AD to Jive
Customers use Azure AD as the central repository for all the users of their enterprise, across multiple software applications including Jive. When users are created in Azure AD, they can be automatically synced to Jive on a schedule. Sometimes, even many hours after a user is created in Azure, the user is not visible in Jive’s User Search.
A point of confusion is that User Sync on a Schedule is not the default behavior for most IdPs. This is a special feature that can be configured in Azure AD. In most scenarios, the default behavior is that users are created in Jive when they first log in using SSO.
The users may actually be getting created in Jive, but not appearing in User Search because of an issue with the User Search Index. Follow this troubleshooting article to check if this is the case.