Onboarding Single Sign-On with Hive

A guide to integrating Single Sign-On with Hive

Thank you for choosing Hive! This is a guide to setting up your company's Identity Provider to provide employees with Single Sign-On (SSO) capabilities for Hive. This is intended for employees with admin-level permissions on your company's Identity Provider platform tasked with managing employees' access to Hive.

Supported Identity Providers

Hive is pleased to support Single Sign-On capabilities via Okta, Amazon IAM Identity Center, and PingIdentity's PingOne platform! If your company would like to integrate a different Identity Provider with Hive, please reach out to [email protected] or your Hive representative.

Hive currently only supports Identity Provider-initiated sign-on with the three Identity Providers listed above. This means that your employees will sign on to Hive via SSO from your Identity Provider and not from Hive's login page.

Okta

Hive supports OpenID Connect (OIDC) and Security Assertion Markup Language 2.0 (SAML) as authentication protocols for SSO on Okta.

PingOne

Hive supports OpenID Connect (OIDC) and Security Assertion Markup Language 2.0 (SAML) as authentication protocols for SSO on the PingOne platform.

Amazon IAM Identity Center

Hive supports Security Assertion Markup Language 2.0 (SAML) as an authentication protocol for SSO on Amazon IAM Identity Center.

Supported Features

Just-In-Time User Provisioning

Hive SSO supports Just-In-Time User Provisioning, which automates the Hive account creation process for new employees. When a new employee logs in for the first time using your company's Hive SSO solution, a personal Hive account with your company's default permission policy will automatically be created for them. No further steps are required.

Group-Based Permission Mapping

If requested, Hive SSO supports Group-Based Permission Mapping, which assigns users to specific Hive organizations with specific permissions based on their group memberships on your Identity Provider. This applies both to users newly provisioned through Just-In-Time Provisioning and to employees with existing Hive accounts who are signing in with Hive SSO for the first time.

For example, an employee in the "Hive Admins" group on your Identity Provider can be configured to join your default Hive organization with admin permissions, while all other employees default to reader permissions.
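The following sketch models how Just-In-Time provisioning and the "Hive Admins" mapping above combine at sign-in, with reader as the fallback when the group claim is missing or does not match. It is an added illustration, not Hive's code or API: the `groups` and `email` claim names, the role ranking, the organization name `default` and all function names are assumptions.

```python
# Illustrative model only: claim names, role names and the mapping table are
# assumptions made for this example, not Hive's configuration or API.
from dataclasses import dataclass

ROLE_RANK = {"reader": 0, "admin": 1}   # assumed roles, lowest privilege first
DEFAULT_ORG = "default"                 # hypothetical organization name
DEFAULT_ROLE = "reader"                 # everyone without a mapped group
GROUP_MAP = {"Hive Admins": (DEFAULT_ORG, "admin")}  # IdP group -> (org, role)

@dataclass
class Account:
    email: str
    org: str
    role: str
    sso_linked: bool = False

def groups_from_claims(claims):
    """Normalize the group claim: it may be a list, one string, or absent."""
    raw = claims.get("groups")
    if raw is None:
        return []
    if isinstance(raw, str):
        return [raw]
    return [g for g in raw if isinstance(g, str)]

def resolve_role(groups):
    """Exact-match groups against the map; highest mapped role wins."""
    org, role = DEFAULT_ORG, DEFAULT_ROLE
    for g in groups:
        if g in GROUP_MAP and ROLE_RANK[GROUP_MAP[g][1]] > ROLE_RANK[role]:
            org, role = GROUP_MAP[g]
    return org, role

def sign_in(accounts, claims):
    """JIT-create a missing account, then map groups on first SSO sign-in."""
    email = claims["email"].lower()
    acct = accounts.get(email)
    if acct is None:
        acct = accounts[email] = Account(email, DEFAULT_ORG, DEFAULT_ROLE)
    # Assumption: mapping runs only on the first SSO sign-in, as described
    # above; whether later sign-ins re-evaluate groups is not stated here.
    if not acct.sso_linked:
        acct.org, acct.role = resolve_role(groups_from_claims(claims))
        acct.sso_linked = True
    return acct
```

Matching on the exact group name means a renamed or differently cased group silently falls back to reader, so confirm the group names sent by your Identity Provider when requesting the mapping.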

Please reach out to [email protected] or your Hive representative to set this feature up.