Configuration Support for External Client Access

As of version 4, Jive SBS optionally supports access to the community from several new kinds of clients. This topic describes the features provided by Jive to help you ensure that these connections are secure.

The following lists the clients for which you might want to make special provision for secure access (each of these is an optional feature):

Mobile device. Jive supports access from mobile applications such as its iPhone application.
Bridged instances. Using a bridge, you can connect two Jive communities together. Through this bridge, people in one community (who are members the bridged communities) can see activity from the bridged communities. It's possible that the bridge might cross network boundaries.
An add-in within Microsoft Office. Jive offers the Jive Desktop Office add-in through which people can upload and synchronize Office documents while working within the Office application on their desktop.
Social Media Console. Among the set of features included with Jive Market Engagement is the Social Media Console, an external web application that provides a way to collect and organize market data.

Features designed to help you ensure secure access include:

URL conventions that you can use to filter requests. See below for more on these.
Admin console support for turning REST web services on or off. For more, see Setting Access for Web Service Clients.
Admin console support for enabling or denying access via mobile device based on user name and device ID. For more, see Managing iPhone Access.

URL Conventions

Each of the client types listed above requires access to the community in order to exchange data about content, people and activity. Each communicates with the community using REST web services. To help you secure that access, Jive uses a URL convention that you can use to filter requests so that only those relevant to the services you're supported are allowed. Each client uses a different base URL to make requests.

Each REST URL for the clients listed begins with __services and is followed by a convention specific to the client type -- /mobile, /bridging, /office, and /sme. Using this convention you can filter access to permit valid requests. For example, imagine that you want to allow a bridge from a public community outside your firewall to a private community that's inside it. You could create a filter that permits URLs of the form /__services/bridging/**. Depending on your network topology and conventions, you could permit these URLs through your firewall, or you could set up a reverse proxy that would forward requests made to these URLs.

The following table lists base URLs for each client type:

Client	Base URL	Notes
iPhone	/__services/mobile/v1/	Services can be enabled or disabled in the admin console.
Bridged instance	/__services/bridging/	Services can be enabled or disabled in the admin console.
Jive Desktop Office add-in	/__services/office/	Services can not be disabled via the console if the feature is installed.
Social Media Control	/__services/sme/	Services can not be disabled via the console if the feature is installed.

Security for Client Requests

You can enable Secure Sockets Layer (SSL) for each type of client, although how you do so varies among the clients.

The following table describes how SSL is enabled for each client type:

Client	SSL Handling
iPhone	You can force SSL specifically for the iPhone from the admin console as described in Setting Access for Web Service Clients. Note that if you'll be using SSL to secure iPhone access, your certificate must be valid. For example, it must be created by a trusted authority such as Verisign, rather than self-created.
Bridged instance	You force SSL for access from bridges when you force it for REST web services in general. See Setting Access for Web Service Clients for more information about that setting.
Jive Desktop Office add-in	To force SSL for the Jive Desktop add-in, you must force SSL for the entire site, including for browser-based requests. For more information, see Enabling SSL Encryption.
Social Media Console	To force SSL for the Social Media Console, you must force SSL for the entire site, including for browser-based requests. For more information, see Enabling SSL Encryption.