3 Replies Latest reply on May 12, 2015 11:37 AM by Scott A Johnson

    Confused about SSO Group Management

    Scott A Johnson

      In the documentation found here Core Help, the section describing Groups mentions "Note that SAML SSO does not support mixed group management. You can either manage your permissions groups using the IdP, or using permission groups created in Jive."

      I'm not sure whether this means that

      "Groups created and updated in the SAML SSO Login are effectively not editable, as they will be overwritten on next login" or

      "Groups created and updated in the SAML SSO Login are locked in the Admin Console UI" or

      "If Groups sync is enabled via SAML SSO Login, all permission groups are not editable through the Admin Console UI"

      Or if it means something totally different.


      What I'm looking for is to sync a group or a few groups using SAML attributes, but will not be syncing all groups as it is not feasible to include all Jive Perm Groups in the IdP.


      Any clarification would be helpful.




        • Re: Confused about SSO Group Management

          I had tried these concepts a year back.

          From what I remember, you can have groups synced from the SAML IdP as well as local security groups in Jive. It is just that each of these is managed in its respective system.


          A group created and synced from the SAML IdP is expected to be managed from the SAML IdP console. They are editable in Jive, but changing them in Jive will not sync the changes back to the SAML IdP, which will cause an inconsistent state.

          At the same time, you can have groups created and totally managed in Jive which have no connection with the SAML IdP.


          I am assuming this has not changed recently.

          • Re: Confused about SSO Group Management
            Eric Pierce

            Here is how it works in Jive 7; I can't really speak for other versions.


            Groups created and updated through SAML SSO login get marked as being Federated and do not allow you to edit their membership in Jive. One other thing to note is that the population of users into the group in Jive happens when they log in, so it could take some time to fully see everyone in the group in Jive if people don't log in to the site on a regular basis.


            Groups created in Jive are still fully editable and are shown as not being Federated.