
The EmpowerID SSO framework allows you to configure Yammer as an identity provider (IdP) for the EmpowerID Web application. EmpowerID integrates with Yammer using the OAuth protocol to allow your users to log in to EmpowerID using their Yammer account.

This topic describes how to configure an IDP connection for Yammer and is divided into the following activities:

  • Adding the Consumer Key, Consumer Secret and Redirect URI to the Yammer OAuth Connection
  • Adding MFA Points to the Yammer OAuth Connection
  • Adding a Login Tile for Yammer
  • Testing the Yammer connection
    Info

    As a prerequisite to creating an SSO Connection for Yammer as an Identity Provider, you must have a Yammer account and register the EmpowerID web application for your organization in the developer's section of the Yammer site. This creates a set of values known by Yammer and the EmpowerID web application that allow the two to enter into a federated trust relationship. These values include the Client ID and the Client Secret (both generated by Yammer), as well as the Redirect_URI (entered by you to tell Yammer where to post the assertion of a user's identity to the EmpowerID Assertion Consumer Service).

    For specific directions on registering EmpowerID as an application in Yammer, see the information provided by Yammer at https://www.yammer.com.

    When registering EmpowerID in Yammer, use the following URL as the Callback or Return URL, replacing "FQDN_OF_YOUR_EMPOWERID_SERVER" with the FQDN of the EmpowerID Web server in your environment.


    OAuth 2.0.

    Note

    Prerequisites:

    Before configuring Yammer as an OAuth Identity Provider in EmpowerID, you need to meet the following conditions:

    • You must have a Yammer account

    • Create an application for EmpowerID in Yammer

    Info

    Once the IdP connection has been set up for Yammer, you can create a link similar to the one below to allow users to log in to EmpowerID using Yammer.

    https://FQDN_OF_YOUR_EMPOWERID_SERVER/WebIdPForms/Login/Portal/Yammer?returnUrl=%2FWebIdPForms%2F

    Be sure to replace "FQDN_OF_YOUR_EMPOWERID_SERVER" with the FQDN of the EmpowerID Web server in your environment and "Yammer" with the name of the IdP connection you create for Yammer in EmpowerID.


    To add the Client ID and Client Secret to the Yammer OAuth Connection

  • From the navigation sidebar, expand Admin > SSO Connections and click OAuth.
  • From the OAuth Applications management page, click the OAuth Service Provider tab and then search for Yammer.
  • From the OAuth Service Provider grid, click the Yammer link.
  • From the External OAuth Provider Details page that appears, click the Edit button for the specific Yammer connection you want to edit. By default, EmpowerID includes one connection. However, you can add as many connections for Yammer as your organization needs.
  • In the OAuth Connection pane that appears, type the Client ID Yammer generated for your application in the Consumer Key field and the Client Secret in the Consumer Secret field.
  • Click Save to close the OAuth Connection pane.
  • Prepend the value of the Callback Url with the FQDN of your EmpowerID Web server, using the https scheme. For example, the FQDN of the EmpowerID Web server in our environment is "sso.empowersso.com" so the full Callback Url for our site is "https://sso.empowersso.com/empoweridwebidpforms/oauth/v2".
  • Click Save to close the OAuth Connection pane.
  • Optionally, add any desired MFA points to the Yammer application by following the below steps.

    To add MFA points to the Yammer application

    1. From the External OAuth Providers page for Yammer, click the Provider Edit link at the top of the page.
    2. In the MFA Point Value field, type the number of MFA points you want to give to users logging in with Yammer.
    3. Click Save.
    Next, add a login tile for Yammer to the desired IdP Domains. This allows your users to authenticate to EmpowerID with their Yammer credentials. If you have not set up an IdP Domain for your environment, you can do so by following the directions in the below drop-down.

    To create an IdP Domain

  • From the Navigation Sidebar, expand Admin > Applications and Directories and click SSO Components.
  • Click the IdP Domains tab and then click the Add IdP Domain button.
  • Type the fully qualified domain name in the Domain Name field and then click Save.

    To add a Login Tile for Yammer

    From the Navigation Sidebar, expand Admin > Applications and Directories > SSO Connections and click SSO Components

    Steps

    To configure Yammer as an Identity Provider for EmpowerID, you need to do the following:

    1. Create an application for EmpowerID in Yammer

    2. Configure the default Yammer OAuth Provider app

    3. Add a Login button to the Login page for Yammer

    4. Test the OAuth provider app

    Register an application for EmpowerID in Yammer

    To allow users to authenticate to EmpowerID using their Yammer credentials, you must register EmpowerID as an OAuth application in the Yammer developer console. See Yammer’s article at https://developer.yammer.com/docs for directions on how to do this. During the app registration process, Yammer will generate a Client ID and Client Secret for the application. You will use these when you create an OAuth Provider App for Yammer in EmpowerID.

    When registering an application for EmpowerID in Yammer, set the following:

    | Setting | Description |
    |---|---|
    | Application Name | Name of the application you are creating. This can be any value. |
    | Organization | The name of your organization |
    | Support e-mail | An email address users of your app can contact for application support |
    | Website | Your organization’s website |
    | Redirect URI | The URL to redirect the user’s browser to after the user has linked the application to their Yammer account: https://YOUR_EMPOWERID_SERVER/WebIdPForms/oauth/v2 |

    Configure the default Yammer OAuth Provider app

    1. On the navbar, expand Single Sign-On > SSO Connections and click OAuth / OpenID Connect.

    2. Select the External OAuth Services tab and then search for Yammer.

    3. Click the Provider link for Yammer.

    4. Click the Edit button for the default Yammer OAuth provider app.

    5. Under General Settings, fill in the following information and then click Save.

    | Field | Description |
    |---|---|
    | Consumer Key | Consumer Key generated by Yammer for the app |
    | Consumer Secret | Consumer Secret generated by Yammer for the app |
    | Is Identity Provider | Select this option to flag the OAuth provider as an Identity Provider app. |
    | Select existing Account Directory | Select Yammer to place authenticated users in the selected account store. |
    | Callback Url | This is the URI that Yammer redirects users to after they have authenticated with Yammer. The URL should look like the following: https://YOUR_EMPOWERID_SERVER/WebIdPForms/oauth/v2, where YOUR_EMPOWERID_SERVER is the FQDN of your EmpowerID Web server. |
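
A pre-flight check for the Redirect URI registered in Yammer and the Callback Url entered in EmpowerID, plus a builder for the login link shown earlier, as an added Python example (not EmpowerID or Yammer code). The function names are hypothetical, the host is the page's own example FQDN, and restricting returnUrl to a site-relative path is this example's choice.

```python
from urllib.parse import quote, urlsplit

CALLBACK_PATH = "/WebIdPForms/oauth/v2"  # callback path given on this page


def check_callback_url(url, expected_host):
    """Return a list of problems found in a Redirect URI / Callback Url value."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.hostname != expected_host.lower():
        problems.append("host is not the EmpowerID Web server FQDN")
    if parts.path != CALLBACK_PATH:
        problems.append("path is not " + CALLBACK_PATH)
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")
    return problems


def compare_registration(yammer_redirect_uri, empowerid_callback_url, host):
    """Validate both values and require them to be the same string."""
    result = {
        "yammer": check_callback_url(yammer_redirect_uri, host),
        "empowerid": check_callback_url(empowerid_callback_url, host),
        "identical": yammer_redirect_uri == empowerid_callback_url,
    }
    result["ok"] = (result["identical"] and not result["yammer"]
                    and not result["empowerid"])
    return result


def login_link(host, connection_name, return_url="/WebIdPForms/"):
    """Build the login link from this page with an encoded, site-relative returnUrl."""
    if (not return_url.startswith("/") or return_url.startswith("//")
            or "\\" in return_url):
        raise ValueError("returnUrl must be a site-relative path")
    return "https://{}/WebIdPForms/Login/Portal/{}?returnUrl={}".format(
        host, quote(connection_name, safe=""), quote(return_url, safe=""))


if __name__ == "__main__":
    host = "sso.empowersso.com"  # example FQDN used on this page
    registered = "https://" + host + CALLBACK_PATH        # constructed: value in Yammer
    configured = "https://" + host + CALLBACK_PATH + "/"  # constructed: trailing-slash typo
    print(compare_registration(registered, configured, host))
    print(login_link(host, "Yammer"))
```
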

    Add a Login Button for Yammer

    1. On the navbar, expand Single Sign-On > SSO Connections and click SSO Connections.

    2. Select the IdP Domains tab and then click the IdP Domains link for the IdP Domain where you want the Login tile to appear.

    3. Select the External OAuth Providers tab and then select the Yammer provider.

    4. Click Save.

    Note

    To give users the ability to log in using their EmpowerID credentials, be sure to select EmpowerID from the SAML Identity Providers tab of the IdP Domain Details page.

    To test the Yammer IdP connection

  • From the Navigation Sidebar, expand IT Shop and click Workflows.
  • From the Workflows page, recycle the EmpowerID App Pools by clicking Recycle EmpowerID App Pools.

    Test the OAuth Provider App

    1. Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for the Yammer IdP connection.

    2. Click the Login Using Yammer tile.

    This redirects your browser to the Yammer Login for the EmpowerID web application you created in Yammer. Enter your Yammer credentials and click Log In.

    Yammer directs you to the Access Request page for the EmpowerID application you created in Yammer.

    3. Log in to Yammer as you normally would.

    4. Click Allow to authorize EmpowerID to retrieve the necessary information to link the Yammer account to your EmpowerID identity (Person object).

    Info

    This permissions page only appears the first time you log in to EmpowerID with your Yammer account. Subsequent logins simply redirect your browser from the Yammer login page to the EmpowerID web application.

    Back in the EmpowerID Web application, click Yes to indicate that you have an EmpowerID login.

    Info

    Users without EmpowerID Persons can request EmpowerID accounts by clicking No. This initiates the Create User Account workflow, which displays a form in the browser to allow the user to fill in the appropriate information. If a user submits the request, EmpowerID routes that request to those individuals in your environment with the ability to approve or deny the request and returns the user to the EmpowerID Web login.

    Type your EmpowerID Login or Email in the form and click Submit. The EmpowerID Person must have a valid email address as EmpowerID sends a one-time password to that address.

  • Check your email for the one-time password.
  • Back in the EmpowerID Web interface, type the one-time password into the Password field of the One-Time Password Validation form and click Submit.

    Info

    Upon successful submission of your one-time password, EmpowerID logs the user in and joins the Yammer account to their EmpowerID Person account.

    Tip

    If you have set up the user's Password Manager policy to require the user to accumulate a specific number of trust points beyond those granted by the identity provider, EmpowerID will direct the user through any multi-factor methods you have enabled on the policy until they reach the needed point threshold to log in.

    You should be authenticated to EmpowerID.
