Version 4

    Summary

    If you are using SAML SSO in your Jive site for managing user accounts, and you need to update certain user fields, like the username, name, or email address, then you will need to make these changes in your SAML Identity Provider system instead of making the changes in Jive.

     

    If after reviewing this document you still have any questions or concerns around your specific configuration, please file a support case so we can work with you on these changes.

     

    Versions

    Verified for versions: Jive 7, Jive 8, Jive Cloud

     

    Details

     

    By default if you have SAML SSO enabled then the following fields will be managed by your SAML SSO Identity Provider (IDP).  This means that when users log into Jive, Jive will set these fields to the values provided by your IDP.

    • Username
    • Email
    • First Name
    • Last Name

     

    Any changes to these fields within Jive will be reverted back to what is set in your SAML IDP when the user logs in.

     

    You can change what fields are "federated" by going to Admin Console: People > Settings > Single Sign-On > SAML > User Attribute Mapping and clicking the checkbox on the far right of the profile field.

     

    1.png

     

    Setting Sync User Profile on Login

     

    For example, if you wish to change the last name or email address of a user, you will want to make these updates in your IDP system.  You will also need to make sure that "Sync user profile on login" is enabled in Admin Console: People > Settings > Single Sign-On > SAML > General

     

    2.png

     

    External Identity changes

    When you look at a user profile in Jive you will see an "External Identities" table. This data point is what Jive uses to map your SAML SSO user accounts to Jive accounts.

     

    3.png

     

    The particular field that is used to uniquely identify your SAML SSO users is configured in Jive.

     

    If you intend on changing this value, you can do so in Admin Console: People > Settings > Single Sign-On > SAML > User Attribute Mapping

    By default it will use the Subject NameID field sent from your IDP.

     

    4.png

     

    If you want to change the value of the field that is being used as an External Identity in Jive, then you will need to do the following 4 things:

    1. Delete the external entity record from the user's profile within Jive's Admin Console
    2. Go to Admin Console: People > Settings > Single Sign-On > SAML > General and update Username Identity setting to Enabled
      1. Please note, when you do this verify that you are not changing the value used for mapping the Username in Jive. This must stay the same for this process to work.
      2. This is needed to ensure Jive is able to associate the SAML SSO user to the Jive user while the external identity is being changed
    3. Change the field in your SAML SSO IDP
    4. Have the user log back into Jive