In-product security features
Several built-in security features allow you to configure your Jive community for the appropriate level of security for your organization.
Authentication features
- Login security
- By using the Admin Console, you can configure Jive to
strongly discourage automated (computer-driven) registration and logins.
Automated registration is usually an attempt to gain access to the
application for malicious reasons. By taking steps to make registering and
logging in something that only a human being can do, you help to prevent
automated attacks. We recommend using the following tools, all of which are
available as options in the Admin Console:
- Login throttling: Enabling login throttling slows down the login process when a user has entered incorrect credentials more than the specified number of times. For example, if you set the number of failed attempts to five and the forced delay to ten seconds, and a user fails to log in after more than five attempts, the application forces the user to wait 10 seconds before being able to try again.
- Login captcha: Enabling login captcha displays a
captcha image on the login page. The image displays text (distorted
to prevent spam registration) that the user must enter to continue
with registration. This discourages registration by other computers
that aim to send spam messages.
The login captcha setting is designed to display the captcha image when throttling begins. After the number of failed attempts specified for throttling, the captcha image is displayed and throttling begins. You cannot enable the login captcha unless login throttling is enabled. The captcha size is the number of characters that appear in the captcha image, and which the user must type when logging in. A good value for this is six, which is long enough to make the image useful, but short enough to make it easy for real humans.
- Password strength: You can enforce strong passwords by using
the Admin Console. The following options are available:
- A minimum of 6 characters of any type
- A minimum of 7 characters including 2 different character types (uppercase, lowercase, number, punctuation, and special characters)
- A minimum of 7 characters including 3 different character types
- A minimum of 8 characters, including all 4 character types
For more information about configuring login and password security, see Configuring Login settings, Configuring password settings and Configuring self-service user registration.
- Email validation
- You can configure Jive to require email validation for all new accounts. This setting helps to prevent bots from registering with the site and then automatically posting content. When you configure email validation, Jive requires a new user to complete the registration form and retrieve an email with a click-through link to validate their registration. For more information, see Configuring self-service user registration.
- Account lockout
- Jive does not offer account lockout as an out-of-the-box feature. However, you can configure Jive to authenticate against a third-party SSO that performs account lockout.
- SSO
- Jive includes support for SAML out of the box. SSO can also be implemented as a customization from Jive's Professional Services team, a Jive partner, or an engineer of your choice. For more information, see Getting ready to implement SAML SSO.
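The login throttling and login captcha settings described under Login security can be modelled to see what they bound when no account lockout is in place. The following Python model is an added example, not Jive code: the class and function names are hypothetical, and it assumes throttling starts once failures exceed the configured count and that a successful login clears the counter.

```python
from dataclasses import dataclass, field

@dataclass
class LoginSettings:
    """Hypothetical stand-in for the Admin Console login options on this page."""
    throttling_enabled: bool = True
    failed_attempts: int = 5    # failures tolerated before throttling begins
    forced_delay_s: int = 10    # forced wait before each further attempt
    captcha_enabled: bool = True
    captcha_size: int = 6       # characters shown in the captcha image

    def __post_init__(self):
        # Page rule: login captcha cannot be enabled unless throttling is.
        if self.captcha_enabled and not self.throttling_enabled:
            raise ValueError("login captcha requires login throttling")

@dataclass
class LoginThrottle:
    settings: LoginSettings
    failures: dict = field(default_factory=dict)      # user -> failed attempts
    next_allowed: dict = field(default_factory=dict)  # user -> earliest retry time

    def attempt(self, user, password_ok, now, captcha_ok=False):
        s = self.settings
        # Assumption: throttling starts once failures exceed the configured count.
        throttled = s.throttling_enabled and self.failures.get(user, 0) > s.failed_attempts
        if throttled and now < self.next_allowed.get(user, 0):
            return "wait"                    # forced delay still running
        if throttled and s.captcha_enabled and not captcha_ok:
            return "captcha_required"        # captcha appears when throttling begins
        if password_ok:
            self.failures.pop(user, None)    # success clears the counter (assumption)
            self.next_allowed.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if s.throttling_enabled and self.failures[user] > s.failed_attempts:
            self.next_allowed[user] = now + s.forced_delay_s
        return "failed"

def guesses_evaluated(settings, window_s, user="constructed-user"):
    """Passwords checked for one account in window_s seconds when every retry
    arrives the moment it is allowed and the captcha is always answered."""
    if not settings.throttling_enabled or settings.forced_delay_s <= 0:
        return None                          # nothing in this model bounds the rate
    throttle, now, evaluated = LoginThrottle(settings), 0, 0
    while now < window_s:
        if throttle.attempt(user, False, now, captcha_ok=True) == "failed":
            evaluated += 1
        now = max(now, throttle.next_allowed.get(user, 0))
    return evaluated
```

With the values from the throttling example (five failed attempts, ten-second delay), `guesses_evaluated(LoginSettings(), 86400)` returns 8645 for a single account in one day. Throttling caps the rate but never stops the attempts, which is the gap an SSO provider with account lockout closes.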
Authorization features
Jive includes powerful built-in user and administrator permissions matrices, as well as customizable permissions. Depending on the assigned role, users can see or not see specific places and the content posted there. In addition, administrative permissions can be used to limit the access level of administrators. Jive administrators control user and administrative permissions by using the Admin Console. For more information about permissions, see Managing permissions.
Moderation and abuse features
- Moderation
- Jive administrators can enable moderation so that designated reviewers view and approve content before it is published in the community. This can be useful for places that contain sensitive information. In addition to content moderation, administrators can enable moderation for images, profile images, avatars, and user registrations. For more information, see Moderation.
- Abuse reporting
- Administrators can enable abuse reporting so that users can report abusive content items. For more information, see Setting up abuse reporting.
- Banning users
- Administrators can block a person's access to Jive so that they are no longer able to log in to the community. For example, if someone becomes abusive in their messages (or moderating their content is too time-consuming), administrators may choose to ensure that the user can no longer log in or post comments. Users can be banned through their login credentials or their IP address. For more information, see Configuring banning.
- Interceptors
- Interceptors can be set up to perform customizable actions on incoming requests that seek to post content. Administrators can set up interceptors to prevent specific users from posting content or to filter and moderate offensive words, anything from specific IP addresses, or the posting frequency of specific users. For more information, see Interceptors overview.
Encryption
- HTTPS
- HTTPS encryption is required for running Jive. Jive supports TLS 1.0, 1.1, and 1.2.
- Encryption at rest
- Encryption at rest is available to North American customers as an addition.
Cookies
Jive uses HTTP cookies in several places in the application to provide a better user experience. For more information about how the application uses cookies, see Cookies in Jive communities.