Hive’s Enterprise Security package includes the following:
1. Data Export
- Hive Enterprise comes with support for compliance exports of full Organization data. This export includes much more detail than a standard export from Hive, allowing IT Administrators to get full historical access to data across Hive Projects, Actions, Messages, Activity Feed, and more.
2. Full Data Erasure
- By default, when you leave Hive, your non-log data (Organization data) is left in an inactive state. Oftentimes, it's important for IT Administrators to request this data be permanently erased. If full data erasure is requested, we will completely purge data for an Organization.
3. SSO Enablement
- Hive is SAML-enabled, allowing your enterprise to utilize SSO through your main identity provider and track/control access from one central location. With Hive's SSO solution, you can restrict access so your team can only log in through SAML.
- SAML-based single sign-on (SSO) gives users access to Hive via the identity provider (IDP) of their choice.
How to set up SSO and SAML
Hive has direct support for a few Identity Providers (IDPs). If you use one of them, follow the guides linked below:
If you do not use one of the IDPs listed above, you can manually configure SAML by following the guide below.
Step 1: Configure identity provider
To get started, you’ll need to set up a connection (or connector) for Hive with your IDP. In your IDP, create a new SAML app. The SAML app will need the “ACS URL” for your Hive account, which you can find by logging into your Hive account ⇒ Top right menu ⇒ “Your workspace” ⇒ “Auth”.
In full, you’ll want to map the following values to the SAML app with your IDP:
- ACS URL: see above
- Entity ID: https://app.hive.com
- NameID: Should use the "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" format
- Email attribute
- Custom attribute mappings:
  - "firstName" attribute (required): Should be included. Can be mapped from whatever attribute your IdP uses for first/given name.
  - "lastName" attribute (required): Should be included. Can be mapped from whatever attribute your IdP uses for last/family/surname.
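To confirm that the IDP is sending what Step 1 asks for, you can run a captured, base64-decoded SAML assertion through a small checker. The following is an added example, not Hive's code: it assumes the email attribute is named "email" and that the Entity ID appears as the assertion's Audience, and it runs on constructed sample assertions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
ENTITY_ID = "https://app.hive.com"
# firstName/lastName come from Step 1; the "email" attribute name is an assumption.
REQUIRED_ATTRS = ("firstName", "lastName", "email")

def check_assertion(xml_text):
    """Return a list of mapping problems in a decoded SAML assertion (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is %r, not persistent" % name_id.get("Format"))
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not include " + ENTITY_ID)
    values = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        found = attr.findall("saml:AttributeValue", NS)
        values[attr.get("Name")] = [v.text for v in found if v.text and v.text.strip()]
    for name in REQUIRED_ATTRS:  # names are case-sensitive: "FirstName" does not count
        if not values.get(name):
            problems.append("attribute %r missing or empty" % name)
    return problems

def sample_assertion(fmt, attrs):
    """Build a constructed (not captured) assertion to exercise the checker."""
    attr_xml = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue>'
        '</saml:Attribute>' % kv for kv in attrs.items())
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Subject><saml:NameID Format="%s">a1b2c3</saml:NameID></saml:Subject>'
        '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
        % (fmt, ENTITY_ID, attr_xml))

GOOD = sample_assertion(PERSISTENT, {"firstName": "Ada", "lastName": "Lovelace",
                                     "email": "ada@example.com"})
BAD = sample_assertion("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                       {"FirstName": "Ada", "lastName": "", "email": "ada@example.com"})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc) or "OK")
```

The constructed "bad" assertion fails on three counts: an emailAddress NameID format, a wrongly cased "FirstName" attribute, and an empty "lastName" value.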
Step 2: Set up SAML SSO for Hive
Once you’ve added all of the values from the previous step and saved the new SAML app with your IDP, the IDP should provide you with the following values:
- SAML SSO URL
- Identity Provider Issuer (optional as not all IDPs provide this)
- An X.509 certificate
You’ll want to copy each of these 3 values from your SAML app and enter them into Hive:
- Open Hive
- Click your profile photo in the top right
- Select “Your workspace”
- Select the “Auth” tab
- Paste the SAML SSO URL into its respective field
- Paste the Identity Provider Issuer into its respective field (if you have one)
- Paste the text contents of the X.509 cert into the “Certificate” field
- Close the screen and you should be all set
What to expect after SSO is enabled
Once you’ve set up SSO, each member of your workspace will receive an option at the time of sign in to “Sign in with SSO”. They will still have the option to log in with their Hive password, something we recommend allowing until you can verify that the setup is working.
Going forward, if you’d like to force SSO for your workspace members, you can check the “Force SSO” checkbox from the “Auth” screen. Doing this will disallow login with Hive credentials and instead force a SAML sign on.