{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"required","params":[],"results":{"codes":[]},"settings":""},"next":{"description":"","pages":[]},"title":"Classic Embed FAQ","type":"basic","slug":"requirements","excerpt":"","body":"Only desktop browsers are supported with Classic Yammer Embed. Yammer Embed requires a [browser supported by Yammer](https://support.microsoft.com/en-us/office/which-browsers-work-with-office-for-the-web-ad1303e0-a318-47aa-b409-d3a5eb44e452). \n\nSee the Safari Cookie Support section in this doc for additional support information when using Safari.\n\n## Does Yammer Embed support single sign-on (SSO)? ##\n\nBefore discussing the details of SSO it is important to define what this means in the context of Yammer Embed. Originally, Yammer Embed would authenticate directly with an identity provider associated directly with the Yammer network specified in the *network* parameter. This [classic SSO configuration was deprecated in 2016](https://developer.yammer.com/blog/reminder-yammer-sso-deprecation) when Yammer moved to supporting authentication with Azure Active Directory and Microsoft 365 identity.\n\nWith the change to Microsoft 365 identity, the Embed component started to bootstrap authentication with Yammer before redirecting to Azure AD, and possibly other systems, based on how the Microsoft 365 tenant was configured. The result was that the *use_sso* parameter became a hint rather than a direct command. New behavior results depending on whether the user is authenticated to Yammer and/or Azure AD:\n[block:parameters]\n{\n  \"data\": {\n    \"0-0\": \"Yes\",\n    \"h-0\": \"Authenticated to Yammer\",\n    \"h-1\": \"Authenticated to AAD\",\n    \"0-1\": \"Yes\",\n    \"h-2\": \"Embed behavior\",\n    \"0-2\": \"Embed can bootstrap without requiring any interaction from the user.\",\n    \"1-0\": \"No\",\n    \"1-1\": \"No\",\n    \"1-2\": \"The user must be fully authenticated. This is most common when Embed is hosted in an on-prem or other product which does not require Azure AD authentication.\\n\\nThe experience will differ depending on how the user signs into Azure AD and how any identity provider is configured. Flows with Windows Authentication are often smoothest. \\n\\nAny flow which uses forms-based authentication may send an X-Frame-Options header which blocks inline form loading. This results in the use_sso parameter causing issues when set to true.\\n\\n**NOTE:** There is no workaround for this problem because the header is sent for security reasons and requires changing Azure AD or the identity provider.\",\n    \"2-0\": \"No\",\n    \"2-1\": \"Yes\",\n    \"2-2\": \"This is a common scenario when Embed is hosted in SharePoint Online or another service that is authenticated using Azure AD. \\n\\nThe user has already authenticated to Azure AD, so Embed can reuse that authentication when the use_sso parameter is set to true.\"\n  },\n  \"cols\": 3,\n  \"rows\": 3\n}\n[/block]\nNOTE: For SSO redirection to work correctly, the domain used in the embed configuration must be configured for federation in Office 365. Any domain from the Yammer network can be used in that field. If a non-federated domain is used, SSO for embed may not work\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"yam.connect.embedFeed({\\n    container: '#embedded-feed',\\n    network: 'domain.com', // network domain configured for federation\\n    feedType: '',\\n    feedId: '',\\n    config: {\\n        use_sso: true, // this line enables SSO\\n        header: true,\\n        footer: true,\\n        showOpenGraphPreview: false,\\n        defaultGroupId: 3257958      // specify default group id to post to \\n    }\\n});\",\n      \"language\": \"javascript\",\n      \"name\": \"Example showing use_sso parameter\"\n    }\n  ]\n}\n[/block]\n### How Embed redirects users within the iframe ###\n\nRedirection for authentication occurs within the Embed iframe when the use_sso flag is true. When set to false, a user may be prompted to authenticate via a popup window. The default value for use_sso is false, including when the parameter is unspecified.\n\nAny page returning a *X-Frame-Options: Deny* or similar header will fail to load inside the iframe by design. This is a security mechanism set by authentication pages and respected by the browser. In some environments, only use_sso:false will be a viable configuration. Major infrastructure changes could be required to permit use of use_sso:true.\n\n## Can I host my own copy of Yammer Embed? ##\n\nHosting your own copy of Yammer Embed is not supported.\n\nThe Yammer Embed code must be loaded from the Yammer CDNs referenced in the documentation. Serving local copies of the Embed code to users is not supported because you will not be notified of updates, including security fixes, which are automatically deployed to the CDN.\n\n## Does Yammer recommend hard coding IP addresses? ##\n\nRefer to [Microsoft 365 URLs and IP address ranges](https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges) for information on IP addresses used by Microsoft 365. it is recommended that you [do not block by IP address](https://techcommunity.microsoft.com/t5/yammer-blog/using-hard-coded-ip-addresses-for-yammer-is-not-recommended/ba-p/276592) for the best Yammer experience. \n\n## What should I know when using Classic Embed with Internet Explorer? ##\n\n### Support for Internet Explorer will end in August 2021###\n\nOnly Internet Explorer 11 is supported at this time, but it is strongly recommended that a modern browser is used for the best performance and security. Microsoft 365 apps and services, including Yammer, will not support Internet Explorer 11 starting August 17, 2021. [Learn more](https://aka.ms/AA97tsw).\n\n### Always use the \"edge\" document mode ###\n\nInternet Explorer has a *document mode* feature determines which version of the browser engine should be used to render a page. Setting pages to use the \"edge\" document mode with the following meta tag will ensure that pages load using the most modern engine in IE11:\n\n```<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" />```\n\nYou may find that the application or web page hosting Embed needs to be changed to support this document mode. Embed cannot be changed to support older document modes, so inevitably compatibility changes need to be made to the application or web page.\n\n### Security Zones ###\n\nInternet Explorer (all versions) and Edge Legacy need to have the Yammer URLs and the FQDN of the site hosting embed configured in the same IE security zone with a rating of Trusted Sites or Intranet Sites\nIn Internet Explorer security settings, add [all Yammer FQDNs](https://support.office.com/en-gb/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_yammer) as well as the FQDN of the site where embed is hosted to the Trusted Sites zone or Intranet zone. \n\nIn many cases, Yammer Embed will be added to an environment where existing URLs have been added to zones. This may complicate configuration and significant changes may be required to get Embed to work. The exact changes required will differ from deployment to deployment and investigation will be required to identify the correct configuration. Testing may need to be performed to ensure that other applications are not affected.\n\n## What should I know when using Classic Embed with Safari? ##\n\n### Safari on mobile ###\n\nClassic Embed is not supported on mobile. Therefore, Safari on iOS (iPhone and iPad) may exhibit issues in normal usage, especially during authentication.\n\n### Safari cookie support on desktop ###\n\nSafari is much more restrictive when working with cookies. This becomes a problem with authentication because many services are involved, including Yammer, Azure AD, and possibly 3rd party identity providers depending on how the Yammer network and Microsoft 365 tenant is configured.\n\nAny cookie that is solely created inside an iframe is considered a 'third party cookie' by Safari, and the browser will not send them with requests. This causes issues with the Yammer authentication flow, which uses cookies extensively. \n\nThis issue will exhibit most often in a session where the user has never visited Yammer outside of the embed iframe. There are two workarounds:\n\n* Change the user settings so that \"Safari Preferences >Privacy > Cookies and website data\" is set to \"Always allow\"\n* If not using a private window, navigate to Yammer.com first to establish a session. Then return to the page hosting Yammer Embed page or reload it. Embed will pick up the session that was manually established. \n\nFor newer versions of Safari, disabling \"Prevent Cross Site Tracking\" is also required. This setting applies to all sites. It is a feature designed to protect privacy which interferes with cookies by design.\n\n## What is skinny mode? ##\n\nThis is special narrow feed mode for Classic Embed. If you configure any embedded feed to be less than 400px wide, the embedded feed will switch to skinny mode. The user experience for feeds in skinny mode exposes fewer features. Most clickable UI elements will take users to the appropriate place in the Yammer site.\n\nIt is recommended that you avoid skinny mode where possible because of the loss in functionality. A richer feed will result in better engagement through the page hosting Yammer Embed.","updates":["5589db2e9883a40d00c4340d","57fbfa3e35c9ad0e00ac8a7e","5aa2fb7a5aa187006c95fb39","5aa2fbce8b7561001227296c","5b90245c391e2300031bae5e","5c79411ed0d18a003f96c1b5"],"order":3,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"55761ac11ce9e6370050137b","parentDoc":null,"category":{"sync":{"isSync":false,"url":""},"pages":["54737d5f1a20c70800e1895f","54737d801a20c70800e18961","54737d95007eb108007e03a8","547381da007eb108007e03c7","547382311a20c70800e1897a","55761ac11ce9e6370050137b"],"title":"Yammer Embed","slug":"yammer-embed","order":7,"from_sync":false,"reference":false,"_id":"546b9082b47b5d1400109ee0","project":"545137a814af501a00b50cf9","version":"545137a814af501a00b50cfc","__v":6,"createdAt":"2014-11-18T18:31:30.383Z"},"createdAt":"2015-06-08T22:44:17.750Z","githubsync":"","user":"5490a27d0c7786160022fb30","version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":true,"is_hidden":false,"is_deprecated":false,"categories":["545137a814af501a00b50cfd","545138eaa66f020800dbab4a","546b9072b47b5d1400109edf","546b9082b47b5d1400109ee0","546b9088b47b5d1400109ee1","546b909462515a14007ebc43","546b90a0b47b5d1400109ee2","546ced235884600e007a92f6","5481008eea7fd40b00cd7c2b","573b9d83ee2b3b220042291f","57be1efa15efc70e006a5f99","5ee004f52c97b4004c7a5876"],"_id":"545137a814af501a00b50cfc","project":"545137a814af501a00b50cf9","__v":12,"createdAt":"2014-10-29T18:53:28.525Z","releaseDate":"2014-10-29T18:53:28.525Z"},"project":"545137a814af501a00b50cf9","__v":11}
Only desktop browsers are supported with Classic Yammer Embed. Yammer Embed requires a [browser supported by Yammer](https://support.microsoft.com/en-us/office/which-browsers-work-with-office-for-the-web-ad1303e0-a318-47aa-b409-d3a5eb44e452). See the Safari Cookie Support section in this doc for additional support information when using Safari. ## Does Yammer Embed support single sign-on (SSO)? ## Before discussing the details of SSO it is important to define what this means in the context of Yammer Embed. Originally, Yammer Embed would authenticate directly with an identity provider associated directly with the Yammer network specified in the *network* parameter. This [classic SSO configuration was deprecated in 2016](https://developer.yammer.com/blog/reminder-yammer-sso-deprecation) when Yammer moved to supporting authentication with Azure Active Directory and Microsoft 365 identity. With the change to Microsoft 365 identity, the Embed component started to bootstrap authentication with Yammer before redirecting to Azure AD, and possibly other systems, based on how the Microsoft 365 tenant was configured. The result was that the *use_sso* parameter became a hint rather than a direct command. New behavior results depending on whether the user is authenticated to Yammer and/or Azure AD: [block:parameters] { "data": { "0-0": "Yes", "h-0": "Authenticated to Yammer", "h-1": "Authenticated to AAD", "0-1": "Yes", "h-2": "Embed behavior", "0-2": "Embed can bootstrap without requiring any interaction from the user.", "1-0": "No", "1-1": "No", "1-2": "The user must be fully authenticated. This is most common when Embed is hosted in an on-prem or other product which does not require Azure AD authentication.\n\nThe experience will differ depending on how the user signs into Azure AD and how any identity provider is configured. Flows with Windows Authentication are often smoothest. \n\nAny flow which uses forms-based authentication may send an X-Frame-Options header which blocks inline form loading. This results in the use_sso parameter causing issues when set to true.\n\n**NOTE:** There is no workaround for this problem because the header is sent for security reasons and requires changing Azure AD or the identity provider.", "2-0": "No", "2-1": "Yes", "2-2": "This is a common scenario when Embed is hosted in SharePoint Online or another service that is authenticated using Azure AD. \n\nThe user has already authenticated to Azure AD, so Embed can reuse that authentication when the use_sso parameter is set to true." }, "cols": 3, "rows": 3 } [/block] NOTE: For SSO redirection to work correctly, the domain used in the embed configuration must be configured for federation in Office 365. Any domain from the Yammer network can be used in that field. If a non-federated domain is used, SSO for embed may not work [block:code] { "codes": [ { "code": "yam.connect.embedFeed({\n container: '#embedded-feed',\n network: 'domain.com', // network domain configured for federation\n feedType: '',\n feedId: '',\n config: {\n use_sso: true, // this line enables SSO\n header: true,\n footer: true,\n showOpenGraphPreview: false,\n defaultGroupId: 3257958 // specify default group id to post to \n }\n});", "language": "javascript", "name": "Example showing use_sso parameter" } ] } [/block] ### How Embed redirects users within the iframe ### Redirection for authentication occurs within the Embed iframe when the use_sso flag is true. When set to false, a user may be prompted to authenticate via a popup window. The default value for use_sso is false, including when the parameter is unspecified. Any page returning a *X-Frame-Options: Deny* or similar header will fail to load inside the iframe by design. This is a security mechanism set by authentication pages and respected by the browser. In some environments, only use_sso:false will be a viable configuration. Major infrastructure changes could be required to permit use of use_sso:true. ## Can I host my own copy of Yammer Embed? ## Hosting your own copy of Yammer Embed is not supported. The Yammer Embed code must be loaded from the Yammer CDNs referenced in the documentation. Serving local copies of the Embed code to users is not supported because you will not be notified of updates, including security fixes, which are automatically deployed to the CDN. ## Does Yammer recommend hard coding IP addresses? ## Refer to [Microsoft 365 URLs and IP address ranges](https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges) for information on IP addresses used by Microsoft 365. it is recommended that you [do not block by IP address](https://techcommunity.microsoft.com/t5/yammer-blog/using-hard-coded-ip-addresses-for-yammer-is-not-recommended/ba-p/276592) for the best Yammer experience. ## What should I know when using Classic Embed with Internet Explorer? ## ### Support for Internet Explorer will end in August 2021### Only Internet Explorer 11 is supported at this time, but it is strongly recommended that a modern browser is used for the best performance and security. Microsoft 365 apps and services, including Yammer, will not support Internet Explorer 11 starting August 17, 2021. [Learn more](https://aka.ms/AA97tsw). ### Always use the "edge" document mode ### Internet Explorer has a *document mode* feature determines which version of the browser engine should be used to render a page. Setting pages to use the "edge" document mode with the following meta tag will ensure that pages load using the most modern engine in IE11: ```<meta http-equiv="X-UA-Compatible" content="IE=edge" />``` You may find that the application or web page hosting Embed needs to be changed to support this document mode. Embed cannot be changed to support older document modes, so inevitably compatibility changes need to be made to the application or web page. ### Security Zones ### Internet Explorer (all versions) and Edge Legacy need to have the Yammer URLs and the FQDN of the site hosting embed configured in the same IE security zone with a rating of Trusted Sites or Intranet Sites In Internet Explorer security settings, add [all Yammer FQDNs](https://support.office.com/en-gb/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_yammer) as well as the FQDN of the site where embed is hosted to the Trusted Sites zone or Intranet zone. In many cases, Yammer Embed will be added to an environment where existing URLs have been added to zones. This may complicate configuration and significant changes may be required to get Embed to work. The exact changes required will differ from deployment to deployment and investigation will be required to identify the correct configuration. Testing may need to be performed to ensure that other applications are not affected. ## What should I know when using Classic Embed with Safari? ## ### Safari on mobile ### Classic Embed is not supported on mobile. Therefore, Safari on iOS (iPhone and iPad) may exhibit issues in normal usage, especially during authentication. ### Safari cookie support on desktop ### Safari is much more restrictive when working with cookies. This becomes a problem with authentication because many services are involved, including Yammer, Azure AD, and possibly 3rd party identity providers depending on how the Yammer network and Microsoft 365 tenant is configured. Any cookie that is solely created inside an iframe is considered a 'third party cookie' by Safari, and the browser will not send them with requests. This causes issues with the Yammer authentication flow, which uses cookies extensively. This issue will exhibit most often in a session where the user has never visited Yammer outside of the embed iframe. There are two workarounds: * Change the user settings so that "Safari Preferences >Privacy > Cookies and website data" is set to "Always allow" * If not using a private window, navigate to Yammer.com first to establish a session. Then return to the page hosting Yammer Embed page or reload it. Embed will pick up the session that was manually established. For newer versions of Safari, disabling "Prevent Cross Site Tracking" is also required. This setting applies to all sites. It is a feature designed to protect privacy which interferes with cookies by design. ## What is skinny mode? ## This is special narrow feed mode for Classic Embed. If you configure any embedded feed to be less than 400px wide, the embedded feed will switch to skinny mode. The user experience for feeds in skinny mode exposes fewer features. Most clickable UI elements will take users to the appropriate place in the Yammer site. It is recommended that you avoid skinny mode where possible because of the loss in functionality. A richer feed will result in better engagement through the page hosting Yammer Embed.