Use LINE WORKS with Your Company Account (SP)

This page describes how to integrate single sign-on (SSO) between LINE WORKS (SP, service provider) and the customer (IdP, identity provider).

Authentication types {#sso-auth-type}

Two types of SSO, OAuth 2.0 and Security Assertion Markup Language (SAML) 2.0, are available.

How to set up {#sso-setting}

Enable SSO {#enable-sso}

Select SSO > WORKS as SP in the Developer Console. Select SAML or OAuth for SSO Type and click APPLY to enable SSO. For more information about how to set up each SSO type, see the following documents.

  • SAML
  • OAuth

SSO user key {#sso-userkey}

img.png

  • It is a user identifier used for communication between LINE WORKS and the customer.
    • NameID of SAML
    • The user_id value of the OAuth Return User Information API
  • You can choose between the following two values.
    • External Key
    • LINE WORKS Account

Caution

  • A LINE WORKS account may change as the ID is changed or the user is relocated.

Set external keys {#external-key-assign}

To work with the IdP, set unique user IDs of the IdP for external keys of LINE WORKS.

Set external keys in the Developer Console {#external-key-assign-by-developer-console}

  1. Log in to the Developer Console.
  2. Select Organization Sync.
  3. Under Member External Key Mapping, click DOWNLOAD to download a CSV file.
  4. Open the downloaded file and add all the external keys.
  5. Click UPLOAD to upload the CSV file you have updated.
  6. Click Save.

Set external keys in the LINE WORKS Admin {#external-key-assign-by-admin-console}

After SSO is enabled, you can set external keys in the LINE WORKS Admin.

  1. Log in to the LINE WORKS Admin.
  2. Go to Member > Member Information and select Edit Member.
  3. Add an external key.
  4. Click Save.

Note

  • You can also set an external key when adding a member, where External Key is a required field.

SSO login URL {#sso-login-url}

Use the following URL to directly move to the specified login page. https://auth.worksmobile.com/d/login/{customer domain}?accessUrl={LINE WORKS service URL (URL-encoded)}

URL Example {#sso-login-url-example}

https://auth.worksmobile.com/d/login/mycompany.com?accessUrl=https%3A%2F%2Fboard.worksmobile.com

What you should be aware of {#notes}

Effects of enabling or disabling SSO {#affect-by-sso-configuration}

When SSO is enabled {#affect-by-sso-enabling}

The effects of enabling SSO are as follows:

  • Pending users become In use.
  • In use members are logged out.
  • The invitation links sent before SSO is enabled are all invalidated.
  • Members who have not been approved are deleted.
  • The third-party app passwords of all the members are deleted.
  • All the access tokens are deactivated.

When SSO is disabled {#affect-by-sso-disabling}

The effects of disabling SSO are as follows:

  • All the members are logged out.
  • The passwords for all the members except the Super Admin are deleted.

Limited features {#limitation-by-sso}

When SSO is enabled, the following features are limited.

Admin (admin.worksmobile.com) {#limitation-on-admin-console}

  • Change a member's password
  • Set passwords when adding a new member or bulk-adding members
  • Set an invitation
  • Set password policies
  • Set login retention

Service screen {#limitation-on-service}

  • Log in with a LINE WORKS ID and password
  • Check LINE WORKS IDs
  • Change passwords
  • Invite a member
  • Set third-party app passwords

Disable features {#enablement-by-sso}

When SSO is enabled, you can disable the following features.

Admin (admin.worksmobile.com) {#enablement-on-admin-console}

  • Set external keys
  • Set whether to use third-part app passwords

Developer Console {#enablement-on-developer-console}

  • Set Logout Redirection Domain