3 Replies Latest reply on Oct 21, 2015 9:41 PM by pawans

    Jive Mobile App SSO

    akoplen

      Hi there,

       

      When we access our Jive-n community via the Jive mobile app, users are always prompted to enter their log in credentials (username and password). Once they initially activate the app and log in once, are they supposed to be able to access the community via SSO every time after? Or is it normal for them to be prompted to log in every time they open the app?

       

      I understand that accessing the site via mobile browser makes sense to enter log in credentials, but I would like clarification specific to the Jive Mobile App.

       

      Thank you!

      Alexis

        • Re: Jive Mobile App SSO
          pawans

          I guess you need to change the Jive for iOS and Jive for Android setting.

          Go to one of these add-ons in your Jive instance add-ons list.

          In the settings, you will see a screen like this

           

          Screen Shot 2015-10-22 at 1.49.04 AM.png

           

          I guess adding a longer time for access token / refresh token and then enabling the checkboxes moves your app from SAML type to OAuth type authentication.

          There was an official Jive document on this, but I am not able to find it. But I am sure you need to set this up here as I had done the same for our community last year.

            • Re: Jive Mobile App SSO
              akoplen

              Thank you for the feedback, Pawan Shah!

               

              So what settings need to be enabled to make it so that the sign on does not expire once they initially activate the app and sign in?

               

              Thanks,

              Alexis

                • Re: Jive Mobile App SSO
                  pawans

                  Hi,

                  Finally got some info from one of our old cases last year.

                   

                  So in the above screenshot, if you don't set Access Token and Refresh Token values, by default they take 48 hours and 15 years respectively.

                  Then to enable OAuth you need to check "Allow this add-on to obtain an access token using an authenticated session."

                   

                  That's it. This will enable OAuth.

                   

                  Here's the info we were given by Jive support, which explains this:

                   

                   

                  Initial Authentication Through SAML Followed by OAuth

                  Jive Versions supported: 7.0.1+ and Cloud

                  Note: this option is not available for Jive 7.0.0x.

                   

                  With this method, a user authenticates initially through SAML SSO. Then Jive Mobile converts the session to a longer-lived OAuth session. This is achieved by setting the Access Token and Refresh Token timeouts for the Add-on to an interval greater than the timeout settings of SAML SSO, thereby circumventing the timeout settings of both auth.lifetime (the Jive authentication session) and the SAML SSO session. Keep in mind that if you use the default values for the Access Token timeout (48 hours) and the Refresh Token timeout (15 years), the user will not need to log in again on mobile unless the device’s authentication is revoked or the values are changed.

                   

                  This method has the following advantages:

                  • The user can revoke a device authenticated through SAML SSO, a feature that is not available by using regular SAML SSO login alone.
                  • Users who authenticated through the mobile clients and the regular web UI can have different timeout settings, while using the same authentication login flow and the same IdP.

                  Configuring Initial Authentication with SAML Followed by OAuth

                  1. Enable the Jive for iOS or Jive for Android* Add-ons. Jive Custom customers whose instances aren’t Internet-connected should contact Jive to get access.
                  2. If you have Community Manager rights or higher, use the Add-on settings in the menu under your name or avatar to configure the Mobile Add-on as follows:
                  • Set the Access Token and Refresh Token timeouts for the Add-on to an interval greater than the timeout settings of SAML SSO.
                  • Enable "Allow this add-on to obtain an access token using an authenticated session." (Enabling this setting returns a 200 status code when /api/addons/<extensionUUID>/session-grant-allowed is passed. Otherwise, this call returns a 403 error.)