Administering Jive Mobile
| TOC | 2
Contents Administering Jive Mobile.............................................................................................................3 Installing Jive Mobile............................................................................................................................................3 Configuring Jive Mobile....................................................................................................................................... 4 Security for Jive Mobile........................................................................................................................................ 6 Jive Mobile and Cookies....................................................................................................................................... 7 Caching in Jive Mobile Web................................................................................................................................. 9 Mobile Web Browser Caching.................................................................................................................. 9 Native Android Caching..........................................................................................................................10 Native iPhone Caching............................................................................................................................10 Native iPad Caching................................................................................................................................11 Moving a Mobile Instance...................................................................................................................................11 Customizing the Mobile Home Page...................................................................................................................12 Customizing the Mobile User Interface.............................................................................................................. 13
| Administering Jive Mobile | 3
Administering Jive Mobile Learn how to configure the mobile module and customize it for your community.
Installing Jive Mobile You'll install Jive Mobile as a module after you download it from the Jive Software website. After you add the module JAR, you'll need to restart the application for the Jive Mobile feature to become available in the Admin Console. To understand how to set up delegated authentication for mobile, see Configuring Delegated Authentication in the core Jive documentation. Note: This topic assumes that you've purchased a license that enables the Jive Mobile feature.
Accessing the Mobile Gateway To set up access: • • •
Enable inbound traffic from 204.93.64.112 on the port used by the Gateway Access URL. Enable outbound traffic to 204.93.64.255 and 204.93.64.252 on port 80, or, if you're using SSL, port 443. EMEA-based customers: In addition to enabling inbound and outbound traffic, you must also enable inbound traffic from 204.93.80.122 on port 80, or, if you're using SSL, port 443. As a final step, contact Jive Support to arrange service via the Amsterdam-based Jive Mobile Gateway. Note: The Mobile Gateway does not respond to ping requests; this is normal.
Install the Mobile JAR File Once you have the mobile module JAR file, install it using the following steps: 1. 2. 3. 4. 5.
In the Admin Console, go to System > Plugins > Add Plugin. Under Install a New Plugin, click Browse to browse for the mobile module JAR file you downloaded. After you've chosen the file, click Open > Upload to add the module to your community. Restart the application: service jive-httpd restart If you haven't already, apply a deployment license that enables you to use the mobile module by going to System > Management > License Information. (For more about managing licenses, see Managing the Deployment License in the core documentation.)
After you've installed the mobile module and have updated your license to support it, you can begin configuring the module. For more on configuring, see Configuring Jive Mobile. If you need to copy or move a Mobile instance, be sure to read Moving a Mobile Instance.
| Administering Jive Mobile | 4
Configuring Jive Mobile Use the Jive Mobile Connection Setup form in the Admin Console to configure your connection to the Jive Mobile Gateway. The Jive Mobile Gateway connection establishes mobile access to your community. Depending on how your community is configured, access to it may require providing the appropriate credentials to log in. Fastpath: Admin Console: Mobile > Connection Setup
To understand how to set up delegated authentication for mobile, see Configuring Delegated Authentication in the core Jive documentation. Use the following table to help you complete your Jive Mobile Connection Setup form. Once you complete this form, your Jive hostname becomes registered and mobile clients can use it to access your community. Once you register a hostname, it can only be changed by deleting your entire mobile configuration and going through the registration process again. To delete your entire mobile registration, click the Delete Registration link in the Connection Setup page after you register. If you need to move a mobile instance, be sure to read Moving a Mobile Instance. Field
Description
Mobile URL
Enter the URL that mobile users (iOS, Android, BlackBerry) can type into their browser to access your community, such as https://widgetco.jive-mobile.com. Your hostname within the jive-mobile.com domain must adhere to the following criteria. •
•
Contain 6 to 63 alphanumeric characters (a-z, 0-9) or hyphens. Dots are not allowed in Jive Mobile hostnames. The hostnames are required to be RFC 952-/RFC 1123compliant. Use a unique name within the jive-mobile.com domain.
| Administering Jive Mobile | 5
Field
Description •
Use a non-reserved hostname. Some hostnames are reserved and cannot be registered by the mobile module. For example, we reserve certain generic hostnames, such as mobile, community, or engage. Note: We currently do not support full custom domains, such as mobile.widgetco.com.
Gateway Access URL
Enter the publicly accessible URL that the Jive Mobile Gateway can use to access your community. If your Jive community is on the Internet, use the normal URL, for example https://jive.widgetco.com. When registering a private community to use the Mobile module, you may need to use an IP address instead of a hostname, which is common with private communities that are only available from within your corporate network, and do not have a hostname that can be resolved on the Internet. The Jive Mobile Gateway is on the Internet and private communities need to allow the Jive Mobile Gateway to access the community, whether it be by providing the IP address, setting up a channel, making firewall configuration changes, or setting up a public hostname. We recommend you use a secure protocol (HTTPS) whenever possible.
Community Name
Requires the name of your community. Mobile device users will see this name when the community displays informational messages and errors.
Support Email Address
Requires the email address that you want mobile device users to email for first-level support issues, such as help with configuration. Jive will not send automated messages to this address. This email will only be used to pre-populate mailto: links that, when clicked, open the mobile email client.
SSL Certificate Checking
Select Require strict validation of this Jive instance's SSL certificate to enable strict validation. Enabling strict validation requires the following from your Jive community: • • •
Common Name (CN) in the SSL certificate needs to match the hostname of the Jive community. SSL certificate must be current and not expired. SSL certificate must be signed by a known certificate authority (CA).
If the SSL certificate for your Jive community does not meet one or more of the preceding requirements, then uncheck the Require strict validation of this Jive instance's SSL certificate checkbox. Mobile Client Redirect (for phones and tablets)
This setting controls which URL mobile clients are redirected to when they request the standard desktop Jive URL. None of these settings interfere with non-mobile community usage. •
• •
Enable mobile client redirection -- redirects mobile clients to the mobile URL. This setting allows your users to see community content in a mobile-optimized view. Tablets are redirected to a tablet-optimized view (available in Mobile module version 5.0.3 and later). Disable mobile client redirection -- does not redirect mobile clients to the mobile URL. They are taken to the non-mobile-optimized version of the URL. Enable mobile client redirection only when parameter mobileredirect=true -- (this option is available in Mobile module versions 5.0.2 and 4.5.2 and higher) redirects mobile clients to the requested URL when it contains the parameter mobileredirect=true. This can be useful if you are building your own mobile home page or mobile app. This setting allows your users to see community content in a mobile-optimized (including tablets) view.
| Administering Jive Mobile | 6
Security for Jive Mobile Jive Mobile includes security features for user registration and access, data storage, and transmission. The Mobile Gateway is audited daily by McAfee Secure. The Jive Mobile plugin relies on a mobile gateway that acts as a proxy and is hosted in Jive Software’s U.S.-based and Amsterdam-based data centers. To learn more about the security of Jive, be sure to read Jive Security. Data Storage The Jive Mobile Gateway stores the information it needs to communicate with your Jive community, such as which version of Jive you're running, as well as most of the mobile and tablet customization options you've configured from the Mobile tab of the Admin Console. No Jive user credentials or Jive community content is stored or cached by the Mobile Gateway. For more information about the security of content in your Jive instance, see Jive Security. When using Jive Mobile via a mobile browser, you can establish a zero data footprint by setting the core API CacheControl header on everything as follows: • • • • • •
no-cache no-store no-cache must-revalidate private max-age=0
In addition, you can suppress the ability to download binary documents with a customization. Contact Jive Support for more information. Data Transmission Mobile Client to and from the Mobile Gateway:
This connection is always secured by HTTPS.
Mobile Gateway to and from your Jive instance:
The Mobile Gateway proxies requests from the mobile client to the Jive instance's gateway access URL. Therefore, we recommend all Jive users specify an HTTPS URL for the gateway access URL. The gateway can be configured to strictly validate the Jive instance's SSL certificate.
User Authentication and How It Works In an external community (typically for customers, vendors, and other external audiences), Jive Mobile proxies usernames and passwords through the Mobile Gateway for authentication by your Jive community, using the Jive user database, LDAP, or Jive delegated authentication. In an internal Jive community (typically for employees only), Jive Mobile defaults to mobile device registration, which provides compatibility with SSO integrations. (You can switch this default behavior; contact your Jive Software representative for more information). Here's how mobile device registration works: 1. The user logs into the community via SSO from his/her desktop and goes to Preferences > Mobile to add and register their mobile device(s). 2. Jive provides the user a single-use activation code for each device. 3. The user goes to the community URL on their mobile device and enters the activation code and re-enters their community username and password as an extra validation step. (This process occurs only once. Users can invalidate mobile device access at any time by removing the device(s) from their Preferences). The security benefits of mobile device registration include:
| Administering Jive Mobile | 7
• •
Users' credentials never pass through the Jive Mobile Gateway. Jive users can remotely revoke their mobile access to the community at any time by deleting the device from the desktop interface. This is especially helpful if a user's device is stolen or lost.
Here is the basic workflow of mobile:
Mobile On-prem Option The standard Mobile plugin is available to hosted or on-prem Jive customers. If your organization has a strict ban on hosted services, Jive Software offers an on-prem Mobile plugin option that does not require the Jive Mobile Gateway, but has limited capabilities and features. If you are interested in this version, ask your Jive Software representative for more information.
Jive Mobile and Cookies Jive Mobile uses cookies in several places in the module to provide a better user experience. jive.oauth2.access.token
This cookie is used to store the OAuth2 access token. This cookie is converted by the mobile gateway to the appropriate Authorization header on non-POST requests that do not have an Authorization header. • • • •
Possible values: a hexidecimal string. Expiration: at session end. Encryption: none. Example: jive.oauth2.access.token=" 85de7cd4-1da4-492b-ae51-b8de52689f87"
| Administering Jive Mobile | 8
JM-SESSION-UUID
This cookie stores a UUID generated for the purpose of tracking sessions in log files for OAuth-based requests. This cookie can be correlated only to a given session and not to a specific user. • • • •
_oauth
This optional cookie is used as a backup to local storage of the OAuth data. It can be turned off by your Jive Software representative, but doing so may cause all associated mobile devices to become unauthorized unexpectedly. • •
• •
jive.mobile.cookie.accept.test
• • •
Possible values: A number representing a Unix time value at the time of session start. Expiration: at session end. Encryption: none. Example: jive.mobile.cookie.accept.test=" 1338396804134"
This cookie is set by BigIP. • • • •
jivePath
Possible values: A base64-encoded JSON object. Expiration: same as OAuth activation validity; default is two years. Controlled by jive.oauth.refresh_token.ttl_hours system property value in the application. Encryption: none. Example: _oauth="eyJjbGllbnRfc2VjcmV0IjoiMVA4U3NIM1hsUWZLbnpzZ ZMSVNDMWlWS0VUeFREODZJaThVa1k5Yng3NjI0Um JETmNBa3gwMUV5MVA2aUpieSIsImFjdGl2YXRlX2FnY WluX2NvZGUiOiI4MzMzOTU3NiIsImV4cGlyZXNfaW4iO jYzMTE1MTk5LCJyZWZyZXNoX3Rva2VuIjoiNWQ1OTU wYjktMTljMi00Yzc0LWJiM2YtYjFkNmIwZTAzNzhjIiwiY2x pZW50X2lkIjoiMDQyOGVmNzYtMDJhZi00MmEyLWFmZ mMtMzU5MGFiNTk0NGMwIn0="
This cookie is used by the Jive Mobile client to check whether the browser accepts cookies. •
BIGipServerPool_VM120.16
Possible values: a hexidecimal string. Expiration: at session end. Encryption: none. Example: JM-SESSIONUUID="008deaf5-9ffd-4464-84eb-2b838fd666c6"
Possible values: an encoded IP address and port of the pool member to which the requests will be routed. Expiration: at session end. Encryption: none. Example: BIGipServerPool_VM120.16="404007104.20480.0000"
This cookie is used by the redirector. • • •
Possible values: a string representing the URL that redirected to the mobile site. Expiration: at session end. Encryption: none.
| Administering Jive Mobile | 9
•
__utma, __utmb, __utmc, __utmz
Example: jivePath=""https:// yourcomm.yourdomain.com/docs/DOC-22785? noredirect=true"
These functional cookies are used to collect information about how visitors use our application. We use the information to compile anonymous usage reports to help us improve the product. To learn more about these cookies, see Cookies and Google Analytics.
Caching in Jive Mobile Web Caching and data footprint behaviors of Jive Mobile vary by platform. Use the following topics to understand what gets cached or stored by the browser and device.
Mobile Web Browser Caching The following caching and storage behaviors apply when using a mobile web browser to access Jive Mobile via the Jive Mobile Gateway, or via the Jive Mobile on-prem module. Data that Is Not Cached Item
Description
Core API Responses
The core application API returns instance-specific data about the community, such as user profiles and content.
Data that Can Be Cached or Stored on Device Item
Description
User Avatars
--
Mobile Theming Assets
Mobile theming assets such as the logo image and colors.
Static Mobile App Assets
These include CSS and Javascript assets that are not specific to the instance.
Content Creation Activities
The most recently mentioned users and recently selected places for content creation.
Data that Can Be Cached or Stored on Device -- Mobile Gateway Users Only Item
Description
Access Token
This is stored only for instances using mobile device registration.
"Remember Me" Cookie
This is stored only for instances using username and password login and when the user has selected "remember me" on the login screen.
| Administering Jive Mobile | 10
Data that Can Be Cached or Stored on Device -- Mobile On-prem Module Only Item
Description
Login Cookies and other information
The on-prem mobile module uses the same login system as its associated instance. Therefore, any cookies or other data that are part of the main instance's login behavior will apply the same for its mobile users.
Native Android Caching Data that Is Not Cached or Stored on Device Item
Description
Core API Responses
The core application API returns instance-specific data about the community, such as user profiles and content.
Data that Can Be Cached or Stored on Device Item
Description
User Avatars
--
Mobile Theming Assets
Theming assets such as the logo image and colors.
Recently Accessed Community URLs
The URLs of recently accessed communities.
Access Token
Stored only when the instance has mobile device registration enabled.
"Remember Me" Cookie
This is stored only for instances using username and password login and when the user has selected "remember me" on the login screen.
Content Creation Activities
The most recently mentioned users and recently selected places for content creation.
Native iPhone Caching Caching behavior for the iPhone depends on which Jive version you're using. For Jive Versions 6.0.1 and Higher Table 1: Data that Can be Cached or Stored on Device Item
Description
Core API Responses
The core application API returns instance-specific data about the community, such as user profiles and content.
Recently Accessed Community URLs
The URLs of recently accessed communities.
Access Token
Stored only when the instance has mobile device registration enabled.
"Remember Me" Cookie
This is stored only for instances using username and password login and when the user has selected "remember me" on the login screen.
Content Creation Activities
The most recently mentioned users and recently selected places for content creation.
| Administering Jive Mobile | 11
For Jive Versions 6.0.0 and Earlier, including guest access behavior in all Jive versions Table 2: Data that Is Not Cached or Stored on Device Item
Description
Core API Responses
The core application API returns instance-specific data about the community, such as user profiles and content.
Table 3: Data that Can Be Cached or Stored on Device Item
Description
User Avatars
--
Mobile Theming Assets
Theming assets such as the logo image and colors.
Recently Accessed Community URLs
The URLs of recently accessed communities.
Access Token
Stored only when the instance has mobile device registration enabled.
"Remember Me" Cookie
This is stored only for instances using username and password login and when the user has selected "remember me" on the login screen.
Content Creation Activities
The most recently mentioned users and recently selected places for content creation.
Native iPad Caching Data that Is Not Cached or Stored on Device Item
Description
Core API Responses
The core application API returns instance-specific data about the community, such as user profiles and content.
Data that Can Be Cached or Stored on Device Item
Description
Username, password, These are stored securely in the iOS keychain. and community URL SSO Authentication Cookies
These are stored only if the main instance is using SAML SSO.
Downloaded Attachments
These are cached or stored using iOS Data Protection.
User Avatars
--
Moving a Mobile Instance If you move your community URL, you'll need to update your Mobile registration settings with the repair utility. Note: The Mobile repair utility is available only in Mobile module versions 4.5.1 and 5.0.1 and higher. The module versions differ from the core application versions. For a list of core versions and compatible Mobile
| Administering Jive Mobile | 12
module versions, see Jive Mobile Compatibility Matrix in the Jive Community; you must be a community user to view the matrix. Fastpath: Admin Console: Mobile > Connection Setup: Repair Settings
Jive's security and licensing service keeps track of your production and development environment(s) and the license(s) required for production environments. To understand how the security service works for the core application, see Moving or Copying an Instance and Managing the Deployment License in the core documentation. Updating Your Mobile Connection Settings If the Jive Mobile plugin detects a change in the jiveURL or other environment change, you'll be prompted to update your settings the next time you log in to the Admin Console and go to the Mobile page. Choose one of the following options: Option
Description
Recover Registration
Choose this option if you moved your Jive data from one instance to another instance that was also registered for Mobile. In other words, the Jive Mobile URL shown is not correct for the current instance. This typically occurs when you move data from UAT to production, in which case, the production instance would incorrectly try to use the UAT instance's Jive Mobile URL. To repair this situation, enter the jive-mobile.com hostname and Mobile Gateway Access URL that were originally used to register the current instance.
Delete Local Mobile Settings
Choose this option if your instance is not registered for Mobile. This can occur when you copy a mobile-registered instance to a UAT instance for testing purposes and then try to run it. Each Jive Mobile instance needs its own registration. You can't point to the same one. You'll need to delete your local settings and then register the instance with its own Mobile license.
Upgrade Registration
Choose this option if you are upgrading or restoring an existing Jive instance that was already registered for Mobile.
Customizing the Mobile Home Page You can customize the mobile home page to give your users a more customized and branded experience. Use the Mobile Home Page in the Admin Console to change things like the Welcome page message, the home page image, header or button colors, or to add your own header image. Fastpath: Admin Console: Mobile > Customization
Field
Description
Enable a Home Page for Mobile Users
Enable and designate a home page for mobile users. If you do not enable a home page, the default home page is the Activity stream page. Note that for tablet users, the Home page is always enabled.
Mobile Home Page Image
Optional. Select the image that mobile (non-tablet) users see when they log in to the community. The image can be up to 600 px wide by 200 px high. The image must be PNG, GIF, or JPEG format.
Tablet Home Page Images (for landscape and portrait orientations)
Optional. Select the image that tablet device users see when they log in to the community. For landscape orientation, the image can be up to 400 px wide by 300 px high. For portrait orientation, the image can be 768 px wide by 180 px high. All images must be PNG, GIF, or JPEG formats. Only one of these images will appear on the Home page, depending on how the user is holding the device.
| Administering Jive Mobile | 13
Field
Description
Featured Places
Optional. You can specify one or more of your community's places here that users will see on the Home page. Start typing the name of a place and the app will auto-suggest places for you.
Welcome Message
Optional. Enter a welcome message that your users will see on the mobile Home page. Note that this text can be dismissed by the user.
Customizing the Mobile User Interface You can customize the experience for mobile devices by making some optional changes. Use the Mobile Customization page in the Admin Console to change things like the colors of the header or buttons, or to add your own header image. Note: To make changes to the Home page, see Customizing the Mobile Home Page.
Fastpath: Admin Console: Mobile > Customization
Field
Description
Header Color
Sets the background color for the header that you see in the mobile device's browser when logged in to the community. You can click on the field and use the color picker or type an RGB hexadecimal value, such as 003366. Darker colors display better than lighter colors.
Button Color
Sets the color for the login button, as well as other buttons throughout the UI. You can click on the field and use the color picker or type an RGB hexadecimal value, such as 003366. Darker colors display better than lighter colors.
Header Image
Replaces the Jive logo image that mobile device users see when they log in to the community. The image can be up to 240 px wide by 60 px high using the recommended PNG or GIF formats. JPEG is considered an acceptable format.
Bookmark Image
Sets the image for the mobile apps/bookmarking interface. The image must be 144 px wide by 144 px high and in PNG format only. Note this feature is available only in Jive Mobile module versions 5.0.2 and higher (see the Mobile Plugin Version Compatibility Matrix on the Jive Community; you must be a registered user to view this document).
External Information Links
Specify up to two links to Web pages outside of your community that mobile device users can click from their login page. These Web pages should contain information that you want to communicate to users prior to logging in, such as an Acceptable Use policy or Contact Support information.
