{"_id":"54737d801a20c70800e18961","parentDoc":null,"__v":8,"category":{"_id":"546b9082b47b5d1400109ee0","pages":["54737d5f1a20c70800e1895f","54737d801a20c70800e18961","54737d95007eb108007e03a8","547381da007eb108007e03c7","547382311a20c70800e1897a","55761ac11ce9e6370050137b"],"project":"545137a814af501a00b50cf9","version":"545137a814af501a00b50cfc","__v":6,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2014-11-18T18:31:30.383Z","from_sync":false,"order":8,"slug":"yammer-embed","title":"Yammer Embed"},"project":"545137a814af501a00b50cf9","version":{"_id":"545137a814af501a00b50cfc","project":"545137a814af501a00b50cf9","__v":11,"createdAt":"2014-10-29T18:53:28.525Z","releaseDate":"2014-10-29T18:53:28.525Z","categories":["545137a814af501a00b50cfd","545138eaa66f020800dbab4a","546b9072b47b5d1400109edf","546b9082b47b5d1400109ee0","546b9088b47b5d1400109ee1","546b909462515a14007ebc43","546b90a0b47b5d1400109ee2","546ced235884600e007a92f6","5481008eea7fd40b00cd7c2b","573b9d83ee2b3b220042291f","57be1efa15efc70e006a5f99"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"user":"5433099f9a2b451a00ad4531","updates":["54eaae63a1bce10d00d30695","56006d5f0c703d1900953140","563d758f0bc2b80d00f30fc4","5640f93634117a0d0008d146","583dc84879d6151900128bcf"],"next":{"pages":[],"description":""},"createdAt":"2014-11-24T18:48:32.789Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"basic_auth":false,"results":{"codes":[]},"settings":"","try":true,"auth":"never","params":[],"url":""},"isReference":false,"order":1,"body":"[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"Important\",\n  \"body\": \"**Yammer SSO is being deprecated and will stop working after December 1st, 2016. You will not be able to set up new configurations with Yammer SSO after April 1st, 2016. **\"\n}\n[/block]\nYammer Embed can support redirection to your identity provider for Single Sign-on configured with Office 365/AAD, if such configuration is available and configured for your Office 365 tenant.\n\nTo use Yammer Embed with automatic redirection to your SSO provider, see the following code sample below, specifically the config section with the use_sso flag.\n\nNOTE: For SSO redirection to work correctly, the domain used in the embed configuration must be configured for federation in Office 365. Any domain from the Yammer network can be used in that field. If a non-federated domain is used, SSO for embed will not work.\"\n\nFor more information about Yammer SSO deprecation and the Yammer platform , please see this [developer blog post](https://developer.yammer.com/blog/reminder-yammer-sso-deprecation). \n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"yam.connect.embedFeed({\\n    container: '#embedded-feed',\\n    network: 'domain.com', // network domain configured for federation\\n    feedType: '',\\n    feedId: '',\\n    config: {\\n        use_sso: true, // this line enables SSO\\n        header: true,\\n        footer: true,\\n        showOpenGraphPreview: false,\\n        defaultGroupId: 3257958      // specify default group id to post to \\n    }\\n});\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n**Modern Browser Security**\n\nRedirection to the identity provider occurs within the Embed iframe when the use_sso flag is true, instead of using the default popup window. If your identity provider returns an *X-Frame-Options: Deny* header, then modern browsers will fail to load the sign-in form. This is by design within the web browser and is not controlled by Yammer. \n\nMicrosoft ADFS 3.0, and many other identity providers return this header when forms-based authentication is in use to protect against click-jacking attacks. Users accessing with Integrated Windows Authentication do not receive the *X-Frame-Options: Deny* header which means that the authentication happens successfully for the user.","excerpt":"","slug":"single-sign-on","type":"basic","title":"Single Sign-On"}
[block:callout] { "type": "warning", "title": "Important", "body": "**Yammer SSO is being deprecated and will stop working after December 1st, 2016. You will not be able to set up new configurations with Yammer SSO after April 1st, 2016. **" } [/block] Yammer Embed can support redirection to your identity provider for Single Sign-on configured with Office 365/AAD, if such configuration is available and configured for your Office 365 tenant. To use Yammer Embed with automatic redirection to your SSO provider, see the following code sample below, specifically the config section with the use_sso flag. NOTE: For SSO redirection to work correctly, the domain used in the embed configuration must be configured for federation in Office 365. Any domain from the Yammer network can be used in that field. If a non-federated domain is used, SSO for embed will not work." For more information about Yammer SSO deprecation and the Yammer platform , please see this [developer blog post](https://developer.yammer.com/blog/reminder-yammer-sso-deprecation). [block:code] { "codes": [ { "code": "yam.connect.embedFeed({\n container: '#embedded-feed',\n network: 'domain.com', // network domain configured for federation\n feedType: '',\n feedId: '',\n config: {\n use_sso: true, // this line enables SSO\n header: true,\n footer: true,\n showOpenGraphPreview: false,\n defaultGroupId: 3257958 // specify default group id to post to \n }\n});", "language": "text" } ] } [/block] **Modern Browser Security** Redirection to the identity provider occurs within the Embed iframe when the use_sso flag is true, instead of using the default popup window. If your identity provider returns an *X-Frame-Options: Deny* header, then modern browsers will fail to load the sign-in form. This is by design within the web browser and is not controlled by Yammer. Microsoft ADFS 3.0, and many other identity providers return this header when forms-based authentication is in use to protect against click-jacking attacks. Users accessing with Integrated Windows Authentication do not receive the *X-Frame-Options: Deny* header which means that the authentication happens successfully for the user.