SSO Overview

LINE WORKS supports single sign-on (SSO).
SSO allows users to access all the integrated services with a single login, helping them manage their accounts more easily with only a single ID and password.

IdP and SP {#idp-and-sp}

In SSO, there are an identity provider (IdP) and a service provider (SP).

  • IdP
    • Authentication service to manage IDs
    • You can set only one IdP.
  • SP
    • Target service to which you can log in with the IdP's authentication information
    • You can set multiple services for SP.

Configuration guide {#sso-configuration-guide}

For more information, see Enable SSO.

Authentication types {#sso-auth-type}

LINE WORKS SSO supports authentication using Security Assertion Markup Language 2.0 (SAML 2.0) or Open Authorization 2.0 (OAuth 2.0).

  • If LINE WORKS functions as an IdP: SAML 2.0
  • If LINE WORKS functions an SP: SAML 2.0 and OAuth 2.0

Set up SSO {#sso-configuration}

You can set up LINE WORKS SSO in the Developer Console.
For more information, see the following pages:

  • Use LINE WORKS with Your Company Account (SP)
  • Log in with a LINE WORKS ID (IdP)

Caution

  • Set up SSO for all the services to integrate with LINE WORKS.
  • For how to set up SSO for services to integrate, contact each service representative.

Pricing plan {#sso-available-plan}

SSO is available for all pricing plans.

Note

  • LINE WORKS Pricing

Login retention {#login-retention-period}

When LINE WORKS functions as an IdP, the login retention period is as follows:

  • Mobile app: The Login duration setting in the LINE WORKS Admin applies.
  • Desktop web: The Idle session timeout setting in the LINE WORKS Admin applies.
  • Desktop app: 30 days or until the desktop app is closed.

Caution

  • The login retention of a service to integrate is set by the service.

When LINE WORKS functions as an IdP, the login retention period is as follows:

  • Mobile app: 30 days
  • Desktop web: 24 hours or until the browser is closed.
  • Desktop app: 30 days or until the desktop app is closed.

How to set login retention {#login -retention-period-setting}

If LINE WORKS functions an SP, enable Set Expire Time to set the login retention that the IdP usually uses. Set Expire Time

The IdP specifies the following values to set the login retention period for LINE WORKS.

  • SAML: AuthnStatementSessionNotOnOrAfter in SAML Response
  • OAuth: expires_in in the response to Get an access token

Note

  • If Set Expire Time of SSO is not enabled in the Developer Console, the default login retention period applies.
  • If SessionNotOnOrAfter or expires_in is not specified, the default login retention period applies.
    * For the public APIs, the default retention period is 1 hour (web browser), 24 hours (mobile app), and 30 days (desktop app).

To enable Set Expire Time, go to SSO in the Developer Console and select Use for Set Expire Time.

IP access control {#access-ip-restriction}

You can use SSO with IP access control, which is available after the SSO login.

Note

  • See Network security - Access IP control.