Workplace from Meta

Learn how to integrate Workplace from Meta with idemeum passwordless SSO.

Workplace from Meta

Capabilities overview

Workplace is a communication tool that connects everyone in your company, even if they’re working remotely. Use familiar features like Groups, Chat and Live video broadcasting to get people talking and working together.

Pricing page

Supported capability Required plan Details
Passwordless SSO Core plan Low SSO tax
Automated provisioning Core plan SCIM 2.0 (create, deactivate, update accounts)


Before confoguring SAML SSO in Workplace from Meta make sure you have your domain added and verified.

In order to integrate idemeum with Workplace from Meta you will first need to obtain SAML metadata parameters for your idemeum tenant. Specifically you will need:

  • Identity Provider SSO URL
  • Identity Provider Entity ID
  • Public X509 certificate (PEM format)

Instructions for how to obtain these SAML metadata parameters are below.

How to obtain SAML metadata for idemeum
SAML metadata is the data that describes the information needed to communicate between your SaaS application and idemeum in order to enable Single Sign-On. Based on SAML terminology SaaS application is called Service Provider (SP) and idemeum will be Identity Provider (IDP). Typically you will be a…

Passwordless Single Sign-On (SAML)

  • Access your Workplace dashboard as admin user
  • Navigate to Admin Panel
  • Access Security -> Authentication
  • Click checkbox Single-sign-on (SSO) in the Allow people to authenticate using section. Choose SSO to be the default method for new users.
  • Click Add new SSO Provider
Now you will be using SAML configuration parameters obtained in the prerequisites section
  • Give your identity provider a name
  • For SAML URL enter Identity Provider SSO URL
  • For SAML Issuer URL enter Identity Provider Entity ID
  • For SAML certificate enter Public X509 certificate (PEM format)
  • Now scroll down and copy Workplace company ID and subdomain. You will need these parameters to configure idemeum.
Now we will configure Workplace in idemeum before testing our SAML configuration
  • Navigate to your idemeum admin portal at https://[your domain]
  • Click Applications in the left menu
  • Search for Workplace by Meta application and click Add App
  • Click SAML at the top navigation menu
Now you will be entering SAML metadata values obtained from Workplace
  • Enter subdomain and company ID that you obtianed from Workplace
  • Click Save
  • Now navigate to Entitlements on the left side manu and entitle Workplace application to at least admin user. We will need that for testing purposes.
  • Return to Workpace and click Test SSO
  • Upon successful test completion you can click Save changes
  • Now assign email domains to your SSO. Click Assign Email Domain and then choose email domains that you want to associate with SSO.
  • Click Save changes
  • And as a final step navigate to Settings -> People. Choose admin user and click edit settings and Edit person's details
  • In the authentication method choose SSO
  • Click Save changes

Automated provisioning with SCIM

  • Access your Workplace Dashboard as an admin
  • Navigate to Admin Panel -> Integrations -> Create custom integration
  • Give your integration a name and click Create
  • On the new page Create Access Token and copy the value as you will need that for idemeum integration
  • Navigate to Permissions and enable Manage accounts and Provision user accounts
  • Click Save
  • Navigate back to idemeum Workplace from Meta app configuration
  • Click on Provisioning section
  • Enter Access Token that you obtained from Workplace

Application entitlements

Before users can access applications you need to make sure you entitle applications to them. In idemeum admin portal navigate to Entitlements section to assign applications to your employees.

SAML SSO login flows

Workplace by Meta supports both:

  • IDP Initiated Flow
  • SP Initiated Flow

IDP Initiated flow

With this flow users first navigate to idemeum user catalog and then click on Workplace icon to launch application.

SP Initiated flow

With this flow users can directly go to Workplace and login with passwordless SSO.

  • Navigate to your Workplace URL -> https://[domain]
  • Then click Login with SSO
Great! Next, complete checkout for full access to idemeum integrations.
Welcome back! You've successfully signed in.
You've successfully subscribed to idemeum integrations.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.