Onboarding Single Sign-On with Hive
A guide to integrating Single Sign-On with Hive
Thank you for choosing Hive! This is a guide to setting up your company's Identity Provider to provide employees with Single Sign-On (SSO) capabilities for Hive. This is intended for employees with admin-level permissions on your company's Identity Provider platform tasked with managing employees' access to Hive.
Supported Identity Providers
Hive is pleased to support Single Sign-On capabilities via Okta, Amazon IAM Identity Center, and PingIdentity's PingOne platform! If your company would like to integrate a different Identity Provider with Hive, please reach out to [email protected] or your Hive representative.
Hive currently only supports Identity Provider-initiated sign-on with the three Identity Providers listed above. This means that your employees will sign on to Hive via SSO from your Identity Provider and not from Hive's login page.
Okta
Hive supports OpenID Connect (OIDC) and Security Assertion Markup Language 2.0 (SAML) as authentication protocols for SSO on Okta.
- Setup guide for using Okta with OIDC
- Setup guide for using Okta with SAML
PingOne
Hive supports OpenID Connect (OIDC) and Security Assertion Markup Language 2.0 (SAML) as authentication protocols for SSO on the PingOne platform.
- Setup guide for using PingOne with OIDC
- Setup guide for using PingOne with SAML
Amazon IAM Identity Center
Hive supports Security Assertion Markup Language 2.0 (SAML) as an authentication protocol for SSO on Amazon IAM Identity Center.
- Setup guide for using Amazon IAM Identity Center with SAML
Supported Features
Just-In-Time User Provisioning
Hive SSO supports Just-In-Time User Provisioning, which automates the Hive account creation process for new employees. When a new employee logs in for the first time using your company's Hive SSO solution, a personal Hive account with your company's default permission policy will automatically be created for them. No further steps are required.
Group-Based Permission Mapping
If requested, Hive SSO supports Group-Based Permission Mapping, allowing users to be assigned to specific Hive organizations with specific permissions based on their group memberships on your Identity Platform. This is applicable to both newly-provisioned users from Just-In-Time Provisioning and employees with existing Hive accounts that are signing in with Hive SSO for the first time.
For example, an employee in the "Hive Admins" group on your Identity Platform can be configured to join your default Hive organization with admin permissions, while all other employees will be defaulted to reader permissions.
Please reach out to [email protected] or your Hive representative to set this feature up.
Updated about 1 month ago