Single sign-on (SSO) is a great way to seamlessly allow access to your Jive Community without the need for separate logins and passwords for your employee user base. At first glance, implementing SSO for your Jive community can be overwhelming. However, with the latest and greatest versions of Jive, SSO has become easier than ever to configure and deploy. In my experience with configuring, troubleshooting, and deploying several SSO/Jive setups, I have discovered a few “gotcha’s” that you should steer away from (the SSO don’ts) as well as information that should be prepared and planned (the SSO do’s).
Do IT rightWhen you’re planning to integrate SSO with your Jive instance (5+), it’s important to have a vendor/protocol that your tech team and organization is comfortable with.
Do your homeworkTake the time to understand your SSO provider and various configurations that you have available.
Do what worksMake sure you pick a configuration that has worked well in the past (such as an http-redirect or http-post service bindings).
Do security a favorCheck with your security team and ensure everything is kosher across the board – and that enabling SSO is not violating any policies.
Do pick a unique identifierPick a username and ID that is unique. I personally like email address, as it should be unique in your environment. If you’re using SAML and Active Directory, choose Name ID to be your GUID (Global Unique Identifier) and ensure it’s your global catalog GUID.
Do your mappingKnow your user field mapping! Even though Jive makes it easier to configure the profile fields to your single sign-on token information, it is always wise to know which fields are going to map to what. Plus, you will speed up the configuration.
Active Directory Field “sn”
Jive Profile Field “lastname”
Do the SSL danceIf you have certs that need to be set up, get familiar with the location of the certs and get the proper-signed metadata for endpoint setups.
Don’t rushTake the time to set up your single sign-on solution properly the first time around. You will regret making decisions that might complicate your solution in the future.
Don’t reinvent the wheelTry to stick to existing SSO standards. The more you stray away from the out-of-box configurations, the more complex your setup will be become. Keep things simple and standard.
Don’t panicAside from being written on the back of The Hitchhiker’s Guide to the Galaxy, it’s important to keep these words in mind when problems surface with your SSO and leverage the debug mode in the SSO configuration.
Don’t forget about your resources
- If you are having serious issues with your SSO configuration, there are a number of things you can do to help solve them. Every Jive customer gets their own secret support group where you can create cases to ask for help or troubleshoot – you can get there by navigating to https://community.jivesoftware.com/support.jspa. You can also post a question in the general support space: https://community.jivesoftware.com/community/support. Or you can ask me, and perhaps I can point you in the right direction.
Last but not least, here is a list of documentation and information from the Jive Community that I have found extremely useful when configuring SSO: