SAML SSO attribute mapping tips
Here you can find general tips on attribute mapping for SAML SSO.
Determining your IdP's attributes
The easiest way to figure out how your IdP's attributes are set is to set the Email field in the General tab of Jive to something you know isn't in the response, like xxxxemail, and then look at the error message for all the available attributes in the SAML Response. Many IdPs assign both a Name and a Friendly Name to each assertion attribute. When you're setting up Attribute Mapping, you should use Name.
By default, user mapping uses the SubjectNameID attribute, which defines the user name as a unique identifier to link the Jive account with the IdP identity. You can use a different attribute for either the user name or the External Identifier. The External Identifier should be a value that will remain the same even if the user name and email address change. In ADFS, this attribute will typically be the unique objectGUID attribute.
For ADFS, the Name value typically looks like a URL, for example, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email.
Jive doesn't support mapping to complex profile fields, such as multiple select lists or addresses.
Minimum required mapping fields
Username, Email, Firstname, and Lastname must be populated. If your SSO server will be used to generate accounts automatically on login, make sure the following fields are mapped:
ExternalIdentity
Username
Email
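An added example (not Jive's own code) that lists each attribute's Name and Friendly Name from a decoded assertion and checks a planned mapping against it, covering the Name-versus-Friendly-Name tip and the required fields above. The sample assertion, the givenname and surname claim names, the objectGUID attribute name and the MAPPING dictionary are constructed assumptions; the script only inspects attributes and does not validate signatures.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}">
 <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}email" FriendlyName="mail">
   <saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}givenname" FriendlyName="givenName">
   <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}surname" FriendlyName="sn">
   <saml:AttributeValue/></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical mapping as typed into Jive: Jive field -> attribute name.
MAPPING = {
    "Email": CLAIMS + "email",
    "Firstname": "givenName",          # Friendly Name used by mistake
    "Lastname": CLAIMS + "surname",    # present but empty in SAMPLE
    "ExternalIdentity": "objectGUID",  # not released by the sample IdP
}

def list_attributes(xml_text):
    """Return (NameID, {Name: (FriendlyName, [values])}) from an assertion."""
    if "<!DOCTYPE" in xml_text:  # SAML never needs a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed")
    root = ET.fromstring(xml_text)
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for a in root.iter(f"{{{SAML}}}Attribute"):
        values = [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
        attrs[a.get("Name")] = (a.get("FriendlyName"), values)
    return name_id, attrs

def check_mapping(mapping, attrs):
    """Return {Jive field: problem} for mappings the response cannot satisfy."""
    friendly = {f for f, _ in attrs.values() if f}
    problems = {}
    for field, name in mapping.items():
        if name in attrs:
            if not any(v.strip() for v in attrs[name][1]):
                problems[field] = "empty value"
        elif name in friendly:
            problems[field] = "Friendly Name given, use Name"
        else:
            problems[field] = "not in response"
    return problems
```

Calling `check_mapping(MAPPING, list_attributes(SAMPLE)[1])` reports every mapped field that would fail at login before the mapping is saved in Jive.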