External identities (may also be called external IDs) in Jive are used to link user details from an external SSO/SAML system such as Azure Active Directory (AD) with Jive's user management. External identities from the SSO/SAML system are parsed and checked against information stored in Jive every time a user access Jive through SSO/SAML to ensure that they get logged in automatically to the correct user profile.
- A new user account being provisioned upon login
- An existing user is unable to login in due to duplicate external identities
A new user account being provisioned upon login
If a user's external identity is changed in the SSO/SAML system; upon next login, Jive will treat them as a new user since the external identity wouldn't match with the stored value in Jive. A new user account will be provisioned for the user in such cases.
This is why it is very important to ensure that the external identities remain unique in the SSO/SAML systems.
An existing user is unable to login in due to duplicate external identities
In case an external identity is assigned to a user in the SSO/SAML that's already present in Jive due to it being synced previously, Jive will throw an error when the user attempts to log in. This occurs as at this point, Jive doesn't know which user profile is the correct one for the user, or if it should create a new user profile if the other SAML identity details are different coming from the SSO/SAML system.
The existing external identities can be cleared by overriding with the Assertion Attribute in Jive.