Capabilities overview
Workplace is a communication tool that connects everyone in your company, even if they’re working remotely. Use familiar features like Groups, Chat and Live video broadcasting to get people talking and working together.
| Supported capability | Required plan | Details |
|---|---|---|
| Passwordless SSO | Core plan | Low SSO tax |
| Automated provisioning | Core plan | SCIM 2.0 (create, deactivate, update accounts) |
Prerequisites
Before confoguring SAML SSO in Workplace from Meta make sure you have your domain added and verified.
In order to integrate idemeum with Workplace from Meta you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:
- Identity Provider SSO URL
- Identity Provider Entity ID
- Public X509 certificate (PEM format)
Instructions for how to obtain these SAML metadata parameters are below.
idemeum team
Passwordless Single Sign-On (SAML)
- Access your Workplace dashboard as admin user
- Navigate to Admin Panel
- Access Security -> Authentication
- Click checkbox Single-sign-on (SSO) in the Allow people to authenticate using section. Choose SSO to be the default method for new users.
- Click Add new SSO Provider
Now you will be using SAML configuration parameters obtained in the prerequisites section
- Give your identity provider a name
- For SAML URL enter Identity Provider SSO URL
- For SAML Issuer URL enter Identity Provider Entity ID
- For SAML certificate enter Public X509 certificate (PEM format)
- Now scroll down and copy Workplace company ID and subdomain. You will need these parameters to configure idemeum.
Now we will configure Workplace in idemeum before testing our SAML configuration
- Navigate to your idemeum admin portal at https://[your domain].idemeum.com/adminportal
- Click Applications in the left menu
- Search for Workplace by Meta application and click Add App
- Click SAML at the top navigation menu
Now you will be entering SAML metadata values obtained from Workplace
- Enter subdomain and company ID that you obtianed from Workplace
- Click Save
- Now navigate to Entitlements on the left side manu and entitle Workplace application to at least admin user. We will need that for testing purposes.
- Return to Workpace and click Test SSO
- Upon successful test completion you can click Save changes
- Now assign email domains to your SSO. Click Assign Email Domain and then choose email domains that you want to associate with SSO.
- Click Save changes
- And as a final step navigate to Settings -> People. Choose admin user and click edit settings and Edit person's details
- In the authentication method choose SSO
- Click Save changes
Automated provisioning with SCIM
- Access your Workplace Dashboard as an admin
- Navigate to Admin Panel -> Integrations -> Create custom integration
- Give your integration a name and click Create
- On the new page Create Access Token and copy the value as you will need that for idemeum integration
- Navigate to Permissions and enable Manage accounts and Provision user accounts
- Click Save
- Navigate back to idemeum Workplace from Meta app configuration
- Click on Provisioning section
- Enter Access Token that you obtained from Workplace
Application entitlements
Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.
SAML SSO login flows
Workplace by Meta supports both:
- IDP Initiated Flow
- SP Initiated Flow
IDP Initiated flow
With this flow users first navigate to idemeum user catalog and then click on Workplace icon to launch application.
SP Initiated flow
With this flow users can directly go to Workplace and login with passwordless SSO.
- Navigate to your Workplace URL -> https://[domain].workplace.com
- Then click Login with SSO
