Hive’s Enterprise Security package includes the following:
1. Full Data Erasure
By default, when you leave Hive, your non-log data (Organization data) is left in an inactive state. Oftentimes, it's important for IT Administrators to request this data be permanently erased. If full data erasure is requested, we will completely purge data for an Organization.
2. SSO Enablement
Hive is SAML-enabled, allowing your enterprise to utilize SSO through your main identity provider and track/control access from one central location. With Hive's SSO solution, you can restrict access so your team can only log in through SAML.
SAML-based single sign-on (SSO) gives users access to Hive via the identity provider (IDP) of their choice.
How to set up SSO and SAML
Hive has direct support for a few Identity Providers (IDPs). If you use one of them, follow the guides linked below:
OneLogin (Add the “Hive” SAML 2.0 app from the OneLogin app store)
If you do not use one of the IDPs listed above, you can manually configure SAML by following the guide below.
Step 1: Configure identity provider
To get started, you’ll need to set up a connection (or connector) for Hive with your IDP. In your respective IDP, create a new SAML app. The SAML app will need the “ACS URL” for your Hive account, which you can find by enabling the Enterprise Security app in Apps ⇒ Top right menu ⇒ "Settings" ⇒ "Enterprise Security".
Note: The "Enterprise Security" tab is only visible to Admins.
In full, you’ll want to map the following values to the SAML app with your IDP:
ACS URL: see above
Entity ID: https://app.hive.com
NameID: Should use the "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" format
Custom attribute mappings:
"firstName" attribute (required): Should be included. Can be mapped from whatever attribute your IdP uses for first/given name.
"lastName" attribute (required): Should be included. Can be mapped from whatever attribute your IdP uses for last/family/surname.
Step 2: Set up SAML SSO for Hive
Once you’ve added all of the values from the previous step and saved the new SAML app with your IDP, the IDP should provide you with the following values:
SAML SSO URL
Identity Provider Issuer (optional as not all IDPs provide this)
An X.509 certificate
You’ll want to copy each of these 3 values from your SAML app and enter them into Hive:
Click your profile photo in the top right
Select the “Authentication” tab
Paste the SAML SSO URL into its respective field
Paste the Identity Provider Issuer into its respective field (if you have one)
Paste the text contents of the X.509 cert into the “Certificate” field
Close the screen and you should be all set
What to expect after SSO is enabled
Once you’ve set up SSO, each member of your workspace will receive an option at the time of sign in to “Sign in with SSO”. They will still have the option to log in with their Hive password, something we recommend allowing until you can verify that the setup is working.
Going forward, if you’d like to force SSO for your workspace members, you can check the “Force SSO” checkbox from the “Auth” screen. Doing this will disallow login with Hive credentials and instead force a SAML sign on.