- \n
- A 黑料海角91入口 administrator account<\/li>\n\n\n\n
- 黑料海角91入口 SSO Package or higher or SSO \u00e0 la carte option<\/li>\n\n\n\n
- A Workplace by Facebook user account with administrator permissions<\/li>\n\n\n\n
- Your Workplace by Facebook domain, subdomain and company number<\/li>\n<\/ul>\n\n\n\n
<\/a>Important Considerations<\/strong><\/p>\n\n\n\n
- \n
- Workplace by Facebook SCIM API is based on version 2.0 of the SCIM standard.<\/li>\n\n\n\n
- Tokens for Workplace for Facebook never expire. But, if you have to change your token, you must deactivate the IdM Integration<\/a>, renew the token and then reactivate the integration.<\/li>\n\n\n\n
- Within Workplace, SCIM Groups are mapped to People Sets. Users should only be added to and removed from groups, never updated.<\/li>\n\n\n\n
- Delete operation will deactivate the user account.<\/li>\n\n\n\n
- Workplace by Facebook may truncate to 10000 members any group responses for performance reasons.<\/li>\n\n\n\n
- Groups are supported. <\/li>\n<\/ul>\n\n\n\n
Attribute Considerations<\/strong><\/p>\n\n\n\n
- \n
- A default set of attributes are managed for users. See the Attribute Mappings<\/a> section for more details.<\/li>\n\n\n\n
- The following attributes are not supported by 黑料海角91入口:\n
- \n
- manager<\/li>\n\n\n\n
- division<\/li>\n\n\n\n
- role<\/li>\n\n\n\n
- profileURL<\/li>\n\n\n\n
- timezone<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Creating a new 黑料海角91入口 Application Integration<\/strong><\/h2>\n\n\n\n
- \n
- Log in to the 黑料海角91入口 Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Click + Add New Application<\/strong>.<\/li>\n\n\n\n
- Type the name of the application in the Search <\/strong>field and select it.<\/li>\n\n\n\n
- Click Next<\/strong>.<\/li>\n\n\n\n
- In the Display Label<\/strong>, type your name for the application. Optionally, you can enter a Description<\/strong>, adjust the User Portal Image and choose to hide or Show in User Portal<\/strong>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\")
<\/p><\/div>Note:<\/strong> \nIf this is a Bookmark Application, enter your sign-in URL in the Bookmark URL<\/strong> field.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Optionally, expand Advanced Settings<\/strong> to specify a value for the SSO IdP URL<\/strong>. If no value is entered, it will default to https:\/\/sso.jumpcloud.com\/saml2\/<applicationname><\/kbd>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\")
<\/p><\/div>Warning:<\/strong> \nThe SSO IdP URL<\/strong> is not editable after the application is created. You will have to delete and recreate the connector if you need to edit this field at a later time.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- If successful, click:\n
- \n
- Configure Application<\/strong> and go to the next section <\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
Configuring the SSO Integration<\/strong><\/h2>\n\n\n\n
To configure 黑料海角91入口<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Replace any instances of YOURDOMAIN, SUBDOMAIN, and COMPANY_NUMBER with your Workplace by Facebook values.<\/li>\n\n\n\n
- Add or change any desired attributes.<\/li>\n\n\n\n
- Click save.<\/strong> <\/li>\n<\/ol>\n\n\n\n
Download the certificate<\/strong><\/h4>\n\n\n\n
- \n
- Find your application in the Configured Applications<\/strong> list and click anywhere in the row to reopen its configuration window.<\/li>\n\n\n\n
- Select the SSO <\/strong>tab and click IDP Certificate Valid > Download certificate<\/strong>.<\/li>\n<\/ol>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\")
<\/p><\/div>Tip:<\/strong> \nThe certificate.pem will download to your local Downloads<\/strong> folder.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To configure Workplace by Facebook<\/strong><\/h3>\n\n\n\n
- \n
- Log in to Workplace by Facebook as an administrator.<\/li>\n\n\n\n
- Navigate to Admin Panel > Security<\/strong>.<\/li>\n\n\n\n
- Select Authentication SSO<\/strong>, then enable Single-sign on (SSO)<\/strong>.<\/li>\n\n\n\n
- Enter the following:\n
- \n
- Name of the SSO Provider<\/strong> – enter 黑料海角91入口<\/kbd>.<\/li>\n\n\n\n
- SAML URL<\/strong> – copy and paste the 黑料海角91入口 IDP URL<\/strong>.<\/li>\n\n\n\n
- SAML Issuer URL<\/strong> – copy and paste the IdP Entity ID<\/strong>.<\/li>\n\n\n\n
- SAML Certificate <\/strong>– copy and paste the contents downloaded in the previous section.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Click Test SSO<\/strong><\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Note:<\/strong> \nEnsure the email address being used to authenticate with your IdP is the same as the Workplace account you are logged in.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- If successful, click Save Changes<\/strong><\/li>\n<\/ol>\n\n\n\n
Authorizing User SSO Access<\/strong><\/h2>\n\n\n\n
Users are implicitly denied access to applications. After you connect an application to 黑料海角91入口, you need to authorize user access to that application. You can authorize user access from the Application Configuration<\/strong> panel or from the Groups Configuration<\/strong> panel. <\/p>\n\n\n\n
To authorize user access from the Application Configuration panel<\/strong><\/h3>\n\n\n\n
- \n
- Log in to the <\/a>黑料海角91入口 Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>, then select the application to which you want to authorize user access.<\/li>\n\n\n\n
- Select the User Groups<\/strong> tab. If you need to create a new group of users, see Get Started: User Groups<\/a>.<\/li>\n\n\n\n
- Select the check box next to the group of users you want to give access.<\/li>\n\n\n\n
- Click save<\/strong>. <\/li>\n<\/ol>\n\n\n\n
To learn how to authorize user access from the Groups Configuration<\/strong> panel, see Authorize Users to an SSO Application<\/a>.<\/p>\n\n\n\n
Validating SSO user authentication workflow(s)<\/strong><\/h2>\n\n\n\n
IdP-initiated<\/strong> user workflow<\/strong><\/h3>\n\n\n\n
- \n
- Access the 黑料海角91入口 User Console<\/a><\/li>\n\n\n\n
- Go to\u00a0Applications<\/strong> and click an application tile to launch it<\/li>\n\n\n\n
- 黑料海角91入口 asserts the user’s identity to the SP and is authenticated without the user having to log in to the application<\/li>\n<\/ul>\n\n\n\n
SP-initiated<\/strong> user workflow<\/strong><\/h3>\n\n\n\n
- \n
- Go\u00a0to the SP application login – generally, there is either a special link or an adaptive username field that detects the user is authenticated through SSO<\/li>\n<\/ul>\n\n\n\n<\/p><\/div>Note:<\/strong> \n
This varies by SP.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Login redirects the user to 黑料海角91入口 where the user enters their 黑料海角91入口 credentials<\/li>\n\n\n\n
- After the user is logged in successfully, they are redirected\u00a0back to the SP and automatically logged in<\/li>\n<\/ul>\n\n\n\n
Configuring the Identity Management Integration<\/strong><\/h2>\n\n\n\n
To configure Workplace by Facebook<\/strong><\/h3>\n\n\n\n
- \n
- Sign into Workplace by Facebook with your administrator account.<\/li>\n\n\n\n
- In the Admin Panel<\/strong>, open the Integrations<\/strong> tab.<\/li>\n\n\n\n
- Click on the Create App<\/strong> button.<\/li>\n\n\n\n
- Enter 黑料海角91入口<\/kbd> and a description.<\/li>\n\n\n\n
- Add a profile picture for the app. This will be used any time the app is visually represented, for instance if it makes a post to group.<\/li>\n\n\n\n
- Choose the required permissions<\/a> for the app, based on the integration functionality you require.<\/li>\n\n\n\n
- Copy and safely store the access token that’s shown to you. You’ll need this when making API calls. <\/li>\n<\/ol>\n\n\n\n
<\/p><\/div>Warning:<\/strong> \nThe Client ID and Secret (token) may only be shown once. Copy them to a secure location, like the 黑料海角91入口 Password Manager<\/a>, for future reference.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To configure 黑料海角91入口<\/strong><\/h3>\n\n\n\n
- \n
- Create a new application<\/a> or select it from the Configured Application<\/strong>s list.<\/li>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Select the Enable management of User Groups and Group Membership in this application<\/strong> checkbox if you want to provision, manage, and sync groups in Workplace by Facebook from 黑料海角91入口. <\/li>\n\n\n\n
- Click Configure<\/strong>.<\/li>\n\n\n\n
- You\u2019re presented with a Token Key<\/strong> field. Paste the access token you generated in the previous section.<\/li>\n\n\n\n
- Click save<\/strong>.<\/li>\n<\/ol>\n\n\n\n
Attribute Mappings<\/strong><\/h2>\n\n\n\n
The following table lists attributes that 黑料海角91入口 sends to the application. See Attribute Considerations<\/a> for more information regarding attribute mapping considerations. <\/p>\n\n\n\n
- Select the Identity Managemen<\/strong>t tab.<\/li>\n\n\n\n
- Click on the Create App<\/strong> button.<\/li>\n\n\n\n
- Go to\u00a0Applications<\/strong> and click an application tile to launch it<\/li>\n\n\n\n
- Go to USER AUTHENTICATION > SSO<\/strong> Applications<\/strong>, then select the application to which you want to authorize user access.<\/li>\n\n\n\n
- Log in to the <\/a>黑料海角91入口 Admin Portal<\/a>.<\/li>\n\n\n\n
- SAML URL<\/strong> – copy and paste the 黑料海角91入口 IDP URL<\/strong>.<\/li>\n\n\n\n
- Select Authentication SSO<\/strong>, then enable Single-sign on (SSO)<\/strong>.<\/li>\n\n\n\n
- Select the SSO <\/strong>tab and click IDP Certificate Valid > Download certificate<\/strong>.<\/li>\n<\/ol>\n\n\n\n
- Select the SSO<\/strong> tab.<\/li>\n\n\n\n
- Close<\/strong> to configure your new application at a later time <\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
- If successful, click:\n
- Click Save Application<\/strong>.<\/li>\n\n\n\n
- Go to\u00a0USER AUTHENTICATION\u00a0<\/strong>>\u00a0SSO<\/strong> Applications<\/strong>.<\/li>\n\n\n\n
- Log in to the 黑料海角91入口 Admin Portal<\/a>.<\/li>\n\n\n\n
- The following attributes are not supported by 黑料海角91入口:\n