Configure/Enable Single Sign-On (SSO) in Yammer (Office 365)

Ashish Ratan Singh | January 20th, 2017 | Office 365, Yammer

Today, many applications let people communicate confidentially within an organization. One such program is Yammer, an enterprise social networking service. Each Yammer network is tied to the Internet domain of its enterprise users, which keeps communication on the network private. Although Microsoft Yammer on its own is enough for private communication, it offers a mode called single sign-on (SSO) to make the service more secure and confidential. This article shows users how to configure and enable SSO in Yammer.

Single sign-on in Yammer is an enterprise-controlled authentication technique that supports scenarios such as two-factor authentication. SSO allows users to log in with the one set of credentials they already use for other programs. When this mode is enabled, the authentication procedure for Yammer can be customized. After successfully completing the customized authentication, the user is directed back to the Yammer.com page and signed in.

Note: Yammer single sign-on and Yammer DSync are going to be discontinued soon. Users are therefore advised to use Office 365 sign-in for Yammer instead of Yammer single sign-on, and Azure AD Connect instead of Yammer DSync.

Pre-Requisites to Enable SSO in Yammer

Before starting the procedure to configure and activate single sign-on in Yammer, users first need to understand and fulfill the following prerequisites:

  • Check that you are running the enterprise version of the Yammer network, and identify your Identity Provider (IdP). The provider should be connected to your directory so that users can use the same login credentials for all applications.
  • Set up an Identity Provider that uses the SAML 1.1 or SAML 2.0 protocol.
  • Provide an endpoint URI that is externally accessible.
  • An IT administrator who knows how to configure the Identity Provider product is needed.
  • Have a plan for managing the encryption and signing certificates, which expire regularly.

Working of Single Sign-On in Yammer

Basically, single sign-on is a user authentication and session service that lets users work with a single set of sign-in credentials. It also controls authentication over the Yammer network and reduces the risk of access from third-party sites. To enable SSO in a Yammer network, an organization has to provide certain information to Microsoft.

Single Sign-On in Yammer

Once users have enabled this authentication technique in Yammer, they are free to change the default authentication process of the Yammer network. When logging in to Yammer.com, users are automatically redirected to the Identity Provider, the service used for authentication.

Process to Enable Single Sign-On in Yammer (Office 365)

Users can activate this advanced authentication technique in Yammer with the help of the following steps:

STEP 1: Customer Provides Identity Provider Metadata

First, the customer has to send the Identity Provider metadata to support. The process is simple if the provider is Active Directory Federation Services or Windows Azure Active Directory; with both, the IdP metadata is easy to find. If the metadata comes from a third-party provider, you have to manually gather the URL for the metadata configuration and then send it to support.

Tip: Third-party providers take more time in metadata configuration. It is therefore recommended to use a provider that supports SAML 2.0.

STEP 2: Implementation of Service Provider Configuration

The metadata configuration from the customer is now imported on the service provider side by Yammer support. After the import completes, the Yammer service provider sends its metadata and certificates to the customer, as a package that is ready for the customer to import.

STEP 3: Creation of Relying Party Trust with Yammer Metadata

The package created in Step 2 installs the certificates. After the necessary certificates are installed, a relying party trust is built by following these instructions:

Add Relying Party Trust in Yammer Network

  • In Active Directory Federation Services, go to Trust Relationships and right-click Relying Party Trusts.
  • Choose the Add Relying Party Trust option from the menu.
  • Click the Start button and select Import data about the relying party from a file. Then select the metadata file and click the NEXT button.
  • Enter a display name and allow users to access this relying party trust.
  • Click the NEXT button twice to continue and, at the end, click the Close button.

Edit Claim Rules for Relying Party Trust

  • In Active Directory Federation Services, go to the Issuance Transform Rules tab → Add Rule.
  • From the Select Rule Template box, select the Send LDAP Attributes as Claims option.
  • On the Configure Claim Rule page, enter Get attributes as the Claim rule name and then choose Active Directory from the Attribute store list.
  • Under Mapping of LDAP attributes to outgoing claim types, choose E-Mail-Addresses for LDAP Attribute and SAML_SUBJECT for Outgoing Claim Type.
  • Click the Finish button to complete the procedure.

STEP 4: Test Single Sign-On and Make Email Changes

After establishing the relying party trust, the customer has to test single sign-on for all authentication scenarios with the help of support. There are many tests to perform, and remember that the test window lasts 30-60 minutes. Change email addresses where needed to make them unique, because Yammer identifies users based on their email address.

STEP 5: Activation of Single Sign-On

After the tests are complete, the customer has to accept all of the test results in order to activate single sign-on in Yammer.

Conclusion

Enabling SSO in Yammer should no longer be a question mark for end users. The procedure requires two parties: the customer (or end user) and a support person from Microsoft. It is also mandatory to fulfill the prerequisites before carrying out this task.