Deep Dive: Mixed Mode Authentication

Version 4

    At Jive, we are constantly looking for ways to improve experiences and manageability for Jive users and administrators. Mixed mode authentication enables Jive-x community administrators to provide a dual user authentication flow, from a single login page, for their SAML SSO users and their non-SAML SSO users. For most organizations this would include internal (employee) and external (non-employee) users. New external (non-SAML SSO) contributors will be able to self register, if they have not previously authenticated to the site.

     

    Functionality

    Mixed mode authentication allows a Jive administrator to provide two modes of authentication for users. A typical use case is when employees are authenticated using the corporate SAML SSO flow and non-employees are authenticate using the Jive local repository using credentials.

     

    Configuration

    The Configuration of mixed mode authentication is as follows:

     

    1. As the Full Admin, ensure that SAML SSO is enabled and configured correctly. By providing the correct Service Provider, SP metadata to the SAML Identity Provider, IdP, the IdP will instruct you on which information they need from the Jive SP metadata file, see the image below. For more details on how to configure your site for SAML SSO please see the documentation, Core Help.

    Screen Shot 2015-10-06 at 6.19.07 PM.png

     

     

    2. Enable form-based login. This enables a dual login page, allowing SSO users to login differently from non-SSO users.

    Screen Shot 2015-10-06 at 6.40.23 PM.png

     

    3. Provide the text for your dual login page.

    Screen Shot 2015-10-06 at 5.31.28 PM.png

     

     

    4. Select preview to display your newly created login page. Employees will be taken through the corporate SAML SSO authentication flow and non-employees will be authenticated using credentials stored in the Jive local repository.

    Screen Shot 2015-10-06 at 5.32.06 PM.png

     

     

     

    FAQ

    QuestionAnswer
    Which version can I get Mixed Mode authentication on my Jive-x community?Jive-n and Jive-x Cloud version 2015.3+
    I have an external community site, I want both SSO and non-SSO users to be able to login to access the site and authenticated content. Will mixed Mode authentication work for me?Yes, mixed mode authentication can serve this use case, once you have enabled your site for SAML SSO and have entered your IdP's meta data in the Jive Admin Console.
    If an external user is not an existing user, will they have the ability to self-register?Yes, an external contributor will have the ability to self-register to access certain content.
    I already have an existing community with employees and customers. How do I transition to use SSO for employees while keeping the same login for customers?

    First, you will need to configure and enable SAML SSO to work with your IdP.  Then, under People -> Settings -> Login Settings, enable Form-based login.  This will cause a login page to be displayed with two options, one for SAML SSO login and one for the same username/password form-based login that your had previously.  You may edit the text for this login page under People -> Settings -> Single sign-on -> Login Entry Page.

     

    The next step is to set two settings which will cause users who login through the SSO to be "mapped" to their existing Jive accounts if their username or email matches the SSO credentials.  In People -> Settings -> Single sign-on -> SAML -> General, enable both Username Identity and Merge Local Users.  After a user logs in via SSO, they will no longer be able to login via the Jive login form with their username and password.

    Which social sign-in mechanisms are supported?There is no change or addition to the supported mechanisms as part of the mixed mode authentication. We still continue to support Facebook and Google OpenID.