SSO設定
- 印刷する
- PDF
SSO設定
- 印刷する
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
このコンテンツは日本語をサポートしていません。
Available in Classic and VPC
Single Sign On (SSO) refers to integrated login linkage that enables access (authenticate) to multiple systems with a single ID and password. By setting SSO linkage between WORKPLACE and another system, you can automatically access and use both systems with a single login.
WORKPLACE Developers supports the following two methods of SSO, and you can select one of the two methods for linkage.
- IDP Method: IDP stands for Identify Provider and refers to a service that stores and manages the authentication information of users who access the cloud service, etc.
- SP Method: SP stands for Service Provider and refers to a service system.
Note
When easy login has been set from the [Admin] > [Security] > [Manage Access] menu, you can integrate login after setting easy login to Not use.
IDP Method Linkage
You can link login between the company's corporate information system and WORKPLACE based on SAML 2.0 or OAuth 2.0 in the IDP method.
OAuth
Take the following procedure to perform SSO linkage with the IDP method.
- 1. Enter Linkage Information on Console
- 2. Redirect to WORKPLACE OAuth 2.0 Server and Process Response
- 3. Exchange Authentication Code for Access Token
- 4. Return Authenticated User Information
1. Enter Linkage Information on Console
- From the NAVER Cloud Platform console, click the Services > Business applications > WORKPLACE menus, in that order.
- Click the Developers menu.
- If the notification pop-up window appears, check the details in the pop-up window, and then click the [Close] button.
- Click SSO Settings.
- Click the [Link Login] button.
- If you are using SMARTWORK Solution (bundling WORKPLACE and NAVER WORKS), then you can skip this step.
- Specify the SSO setting items, and then click the [Apply] button.
- Domain: URL to be forwarded to redirect_uri of the company, copied onto the clipboard by clicking the [Copy] button
- Client ID: client ID provided by WORKPLACE, copied onto the clipboard by clicking the [Copy] button
- Client Secret: client secret value provided by WORKPLACE, copied onto the clipboard by clicking the [Copy] button
- Redirect Domain: Copy the URL to be forwarded to redirect_uri of the company, and enter it here.
2. Redirect to WORKPLACE OAuth 2.0 Server and Process Response
Create a request parameter and redirect to the WORKPLACE OAuth 2.0 server.
https://CompanyDomainID.ncpworkplace.com/authn/oauthLogin
HTTP Method:
GET
Request:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| response_type | String | Y | This is a classification value for the authentication process, specifying the format of result value is to be received. A fixed string called "code" is always used. |
| client_id | String | Y | Client ID value provided by WORKPLACE |
| redirect_uri | String | Y | This encoded URL returns the authorization code after processing authentication. |
| state | String | Y | Unique value randomly created to prevent Cross-Site Request Forgery (CSRF) (included in the URL when returning the authorization code, sending the state value as a parameter) |
| loginId | String | N | Login account entered by user |
Example:
GET https://CompanyDomainID.ncpworkplace.com/authn/oauthLogin?response_type=code&client_id=17nRVbxDCSmzymTHMdnv&redirect_uri=http://Customer/oauth2callback&loginId =admin@nbp.co.kr
After confirming login or authentication as above, the OAuth 2.0 server uses the specified URL (redirect_uri) to respond to the access request.
https:/CompanyDomainID.ncpworkplace.com/authn/oauthLogin
HTTP Method:
GET
Response:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| code | String | Y (Success) | A one-time code that is used to issue the authorization code access token |
| state | String | Y (Success) | Client ID value provided by WORKPLACE |
| error | String | Y (Failure) | Error code returned in case of failure |
| error_description | String | Y (Failure) | Explanation of the error returned in case of failure |
Example:
If an error occurs, http://Customer/oauth2callback?error=access_denied
If successful, http://Customer/oauth2callback?code=jxCiS2TA80GSocD2
3. Exchange Authentication Code for Access Token
To exchange the authentication code for the access token, receive the authentication code for the Access Token Return API as shown below.
https://CompanyDomainID.ncpworkplace.com/authn/accessToken
HTTP Method:
POST
Request:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| grant_type | String | Y | This is a classification value for the authentication process, specifying the format of the result value to be received. A fixed string called "authorization_code" is always used. |
| client_id | String | Y | Client ID value provided by WORKPLACE |
| client_secret | String | Y | Client secret value provided by WORKPLACE |
| code | String | Y | Authorization code issued in the Step 2 |
| state | String | N | String used by the application to maintain the status between the request and redirection response |
Example:
https://CompanyDomainID.ncpworkplace.com/authn/accessToken?grant_type=authorization_code&client_id=17nRVbxDCSmzymTHMdnv&client_secret=JsjOUSDOtb&code=jxCiS2TA80GSocD2
Response:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| access_token | String | Y (Success) | Access token |
| token_type | String | Y (Success) | Access token type, fixed as "Bearer" |
| expires_in | String | Y (Success) | Validity period of access token (seconds), actual application's maintained login time |
| error | String | Y (Failure) | Error code returned in case of failure |
| error_description | String | Y (Failure) | Explanation of the error returned in case of failure |
4. Return Authenticated User Information
Return the authenticated user information as shown below.
https://CompanyDomainID.ncpworkplace.com/authn/userProfile
HTTP Method:
POST
Request:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| client_id | String | Y | Client ID value provided by WORKPLACE |
| client_secret | String | Y | Client secret value provided by WORKPLACE |
| access_token | String | Y | Access token received in Step 3 (URL encoded value, passes the returned access token as is) |
Example:
https://CompanyDomainID.ncpworkplace.com/authn/userProfile?client_id=17nRVbxDCSmzymTHMdnv&client_secret=JsjOUSDOtb&access_token=imLS80bZNkpKtM9FWvZt7MjMTcXIyIN0ygyr8DERsgzetKFIUWqArHlCUQ1VJ6I....
Response:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| login_id | String | Y (Success) | Login ID |
| error | String | Y (Failure) | Error code returned in case of failure |
| error_description | String | Y (Failure) | Explanation of the error returned in case of failure |
Logout URL
https://CompanyDomainID.ncpworkplace.com/authn/logoutProcess
SAML
Take the following procedure to perform SSO linkage based on SAML 2.0.
- 1. Enter Linkage Information on Console
- 2. Create and Deliver SAML Request
- 3. Validate SAML Request
- 4. Create and Deliver SAML Response
1. Enter Linkage Information on Console
- From the NAVER Cloud Platform console, click the Services > Business applications > WORKPLACE menus, in that order.
- Click the Developers menu.
- If the notification pop-up window appears, check the details in the pop-up window, and then click the [Close] button.
- Click SSO Settings.
- Click the [Link Login] button.
- If you are using SMARTWORK Solution (bundling WORKPLACE and NAVER WORKS), then you can skip this step.
- Select SAML.
- Specify the SSO setting items, and then click the [Apply] button.
- SSO URL: Copy the provided SSO URL and enter it for the login page URL (SSO URL field) of the customer system.
- Response Issuer: Copy the provided Response Issuer and enter it in the customer system.
- Application: Click the [Add] button, and then enter the application information.
- Application Name: Enter the name of the application you want to link with SSO in English.
- ACS URL: Enter the ACS URL provided by the customer system.
- SP Issuer (Entity ID): Enter the SP issuer (entity ID) provided by the customer system. The SP issuer can't be duplicated in a single domain.
- Certificate: Click the [Download] button of each added application to download the certificate, and attach it to the Certificate field of the customer system.
- NAME ID: It is fixed and displayed as "Login ID."
- NAME ID Format: It is fixed and displayed as "UNSPECIFIED."
2. Create and Deliver SAML Request
A SAML request is created as a parameter of SSO URL, and delivered to the customer authentication system.
Request URL
It delivers the SSO URL, which is issued when registering SAML Apps in the Developer console.
Example:
https://{Companyid}.ncpworkplace.com/authn/saml/samlLogin
HTTP Method
POST
Request
See the Request field.
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| SAMLRequest | String | Y | String according to SAML 2.0 request details - encoded with Base64 |
| RelayState | String | Y | URL to retry in case the authentication fails |
SAML Request Details
<saml2p:AuthnRequest
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="{ACS URL registered in WORKPLACE}"
ID="{ID}"
IssueInstant="{SAML request creation date and time}"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="{Service Provider Name}"
Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">{SP issuer registered in WORKPLACE}</saml2:Issuer>
<saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>
| Item | Type | Requirement Status | Description |
|---|---|---|---|
| AuthnRequest AssertionConsumerServiceURL | String | Y | This URL is called ACS URL in short and receives the SAML response. It must be identical to the registered ACS URL. |
| AuthnRequest ID | String | Y | This ID is issued by the WORKPLACE authentication system and used when creating a SAML response. |
| AuthnRequest IssueInstant | Date(UTC) | Y | SAML request creation date and time |
| AuthnRequest ProtocolBinding | String | Y | Since it is sent as "HTTP-POST," the SAML response must be sent using the POST method. |
| AuthnRequest ProviderName | String | N | Customer name |
| Issuer | String | Y | It uses the registered SP issuer (entity ID). |
| NameIDPolicy Format | String | Y | It uses "UNSPECIFIED" as a fixed value. |
3. Validate SAML Request
The customer authentication system receives the SAML request and executes the login page by validating it.
At this time, the customer's login page is executed for a domain that uses SSO, and WORKPLACE login page is executed otherwise.
4. Create and Deliver SAML Response
If the login is successful, a SAML response is created and delivered to the customer's ACS URL.
Request URL
It uses the ACS URL specified in the SAML request. (It must be identical to the registered ACS URL.)
HTTP Method
POST
Request
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| SAMLResponse | String | Y | String according to SAML 2.0 response details - encoded with Base64 |
| RelayState | String | N | Delivered to the response only when delivered from the SP side |
Note
Since the value digitally signed with the registered certificate is included in the SAML response, the customer must validate the digital signature value.
SAML Response Details
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="{ACS URL registered in WORKPLACE}"
ID="{ID issued by WORKPLACE}"
InResponseTo="{ID included in the SAML request}"
IssueInstant="{SAML response creation date and time}"
Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
{Response Issuer}
</saml2:Issuer>
<ds:Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
"{Digital signature}"
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="{ID issued by WORKPLACE}"
IssueInstant="{SAML response creation date and time}"
Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
{Response Issuer}
</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="unspecified">
"{Login ID of the logged in user}"
</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData
InResponseTo="{ID included in the SAML request}"
NotOnOrAfter="{SAML response end date and time}"
Recipient="{ACS URL}"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="{SAML response start date and time}"
NotOnOrAfter="{SAML response end date and time}">
<saml2:AudienceRestriction>
<saml2:Audience>{SP issuer registered in WORKPLACE}
</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="{SAML response creation date and time}"
SessionIndex="{ID issued by WORKPLACE}">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
SAML Response Example
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="4ec6c869-4f1f-4027-adc2-90a5dc5cb597"
InResponseTo="ajinaekefnokobjefcegddakfdphcchikhgphael" IssueInstant="2021-12-29T06:24:26.000Z"
Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://Companyid.ncpworkplace.com/authn/saml/metadata</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#4ec6c869-4f1f-4027-adc2-90a5dc5cb597">
<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>EcKuJWielgJv1XCEeb1lDR6yP7w=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>oE1jjGQhtkRVxSp4....</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDHDCCAgSgAwIBAgIGAWm....</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
<saml2:Assertion ID="cf10bea7-f97d-4273-b431-36b1228244e3" IssueInstant="2021-12-29T06:24:26.000Z"
Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Issuer>http://Companyid.ncpworkplace.com/authn/saml/metadata</saml2:Issuer>
<saml2:Subject>
<saml2:NameID NameQualifier="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@samltest.com</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="ajinaekefnokobjefcegddakfdphcchikhgphael"
NotBefore="2021-12-29T06:24:26.000Z" NotOnOrAfter="2021-12-29T06:34:26.000Z"
Recipient="https://AuthenticationCompany/acs/samltest.com"/></saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2021-12-29T06:24:26.000Z" NotOnOrAfter="2021-12-30T06:24:26.000Z">
<saml2:AudienceRestriction>
<saml2:Audience>worksmobile.com</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2021-12-29T06:24:26.000Z"
SessionIndex="ajinaekefnokobjefcegddakfdphcchikhgphael"
SessionNotOnOrAfter="2021-12-30T06:24:26.000Z">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
Each item of a SAML response is as follows.
| Item | Type | Requirement Status | Description |
|---|---|---|---|
| Response Destination | String | Y | ACS URL included in the SAML request |
| Response ID | String | Y | ID issued by WORKPLACE |
| Response InresponseTo | Date(UTC) | Y | ID included in the SAML request |
| Response IssueInstant | Date(UTC) | Y | SAML response creation date and time |
| Signature | String | Y | Digital signature |
| Assertion ID | String | N | ID issued by WORKPLACE |
| Assertion IssueInstant | Date(UTC) | N | SAML response creation date and time |
| Subject NameID | String | Y | Login ID of the logged in user |
| SubjectConfirmationData InResponseTo | String | Y | ID included in the SAML request |
| SubjectConfirmationData NotOnOrAfter | Date(UTC) | Y | SAML response end date and time |
| SubjectConfirmationData Recipient | String | Y | ACS URL |
| Conditions NotBefore | Date(UTC) | Y | SAML response start date and time |
| Conditions NotOnOrAfter | Date(UTC) | Y | SAML response end date and time |
| Audience | String | Y | Issuer included in the SAML request |
| AuthnStatement AuthnInstant | Date(UTC) | Y | SAML response creation date and time |
| AuthnStatement SessionIndex | String | Y | ID issued by WORKPLACE |
SP Method Linkage
The SP method can perform SSO linkage by using Security Assertion Markup Language (SAML) 2.0 or OAuth 2.0. If WORKPLACE and the company's system are linked, then WORKPLACE becomes the service provider. You'll automatically log in to the company's system by logging in to WORKPLACE.
The following describes how to set up linkage with the SP method.
- From the NAVER Cloud Platform console, click the Services > Business applications > WORKPLACE menus, in that order.
- Click the Developers menu.
- If the notification pop-up window appears, check the details in the pop-up window, and then click the [Close] button.
- Click SSO Settings.
- Click the [Link Login] button next to the service to set up SSO.
- Set the login integration by referring to below.
Integrate Login to Google Workspace
You can integrate login with Google Workspace using SSO of the SAML 2.0 method.
Note
- The setting steps may differ from the explanation in this user guide, depending on the Google Workspace environment. For more details about the usage methods, see the Google Workspace user guide.
- The WORKPLACE login ID and Google Workspace account information (email) must be the same for the login to work.
The following describes how to integrate login with Google Workspace.
Separately log in to Google Admin and the NAVER Cloud Platform console.
In the Google Admin page, click Apps > Web and mobile apps, in that order. In the next page, click Add App > Add custom SAML app.
In the Google Admin page, enter the app name in the App Details page. Upload the app logo for the app icon. Download the logo image from Developers > Set SSO in the NAVER Cloud Platform console.
In the Option 2 of the Step 2 Google Identity Provider Details from the Google Admin page, copy the URL of the SSO URL field, click the [Download] button for the certificate of the Certificate field to download it, and then click Continue.
From the NAVER Cloud Platform console, click the Services > Business Applications > WORKPLACE > Developers menus, in that order.
Click the [Integrate Login] button next to Google Workspace.
Paste the SSO URL copied in Step 4 onto the SSO URL input field of the NAVER Cloud Platform console.
After downloading the Certificate in Step 4, upload it by clicking the [Attach File] button of the Certificate field on the NAVER Cloud Platform console.
Separately copy the URL and ID displayed in the ACS URL and Entity ID items of the SSO Settings screen on the NAVER Cloud Platform console, and then separately paste them onto the ACS URL and Entity ID input fields in the Detailed Information of Service Provider pop-up window of Google Admin.
Click Continue in the Service Provider Details pop-up window of Google Admin.
Click Finish in the Attribute Mapping pop-up window of Google Admin.
Click Modify Service.
Select Turn ON for everyone, and then click Save.
Click the icon at the top right of Google Admin to check the registered SAML app.
From the NAVER Cloud Platform console, click the [Apply] button.
Note
- Once the SSO integration between WORKPLACE and Google Workspace is done, you can log in to WORKPLACE and use WORKPLACE using a Google account.
- You can register a shortcut to Google Workspace in All Services. For more information, see Manage Top Menu.
Link Login With Other Services
you can link login with various services that support SSO linkage based on the OAuth 2.0 or Security Assertion Markup Language (SAML) 2.0 method.
From the NAVER Cloud Platform console, click the Services > Business applications > WORKPLACE menus, in that order.
Click the Developers menu.
- If the notification pop-up window appears, check the details in the pop-up window, and then click the [Close] button.
Click SSO Settings.
Click the [Link Login] button next to Other Services.
Select the linkage method.
Enter the setting items according to the selected linkage method.
- SAML 2.0 SSO Setting Items
- Web Login URL: Enter the Request URL produced in SAML 2.0 1. Web Login Page.
- Logout URL: Enter the Request URL created in Client Logout.
- Logout Domain: Enter the Request URL created in WORKPLACE Logout.
- Register File (*.pem): Register the certificate used when electronically signing a SAML response. (The certificate is used for validation.)
Click the [Apply] button.
SAML 2.0 1. Web Login Page
After validating the SAML request and processing the client login, create the SAML response and return to the ACS URL.
https://ClientCompanyDomain/ClientCompanyLoginPage
Note
Only Port 80 or 443 can be used according to the WORKPLACE's infrastructure security policy.
HTTP Method: GET
Request:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| SAMLRequest | String | Y | String according to the SAML 2.0 request detail |
| RelayState | String | Y | URL to retry in case the authentication fails |
SAML 2.0 2. Validate SAML Request
The SAML request is encoded using Deflate + Base64. Validate the SAML request.
SAML Request Details:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="{ACS URL}"
ID="{ID issued by WORKPLACE authentication system}"
IssueInstant="{Request creation date and time}"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="ncpworkplace.com"
Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ncpworkplace.com</saml2:Issuer>
<saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>
SAML Request Items:
| Item | Description |
|---|---|
| AuthnRequest AsssertionConsumerServiceURL | This URL is called ACS URL in short and delivers the SAML response. |
| AuthnRequest ID | This ID is issued by the WORKPLACE authentication system and used when creating a SAML response. |
| AuthnRequest IssueInstant | SAML request creation date and time |
| AuthnRequest ProtocolBinding | Since it is sent as "HTTP-POST," the SAML response must be sent using the POST method. |
| AuthnRequest ProviderName | This is the service provider name sent to "ncpworkplace.com." |
| Issuer | It is the ID issued by the service provider's system. It is used when creating a SAML response |
SAML Request Example:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://Companyid.ncpworkplace.com/...."
ID="bemkplgpdoemkhjmncgmbcdibglpngclfombpmed"
IssueInstant="2018-02-14T03:33:49.999Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="ncpworkplace.com"
Version="2.0">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ncpworkplace.com</saml2:Issuer>
<saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>
WORKPLACE Logout
This feature is used when logging out from WORKPLACE after logging out from the customer's system. Upon receiving a logout request, the WORKPLACE account logged in to WORKPLACE is logged out and redirected to redirect_uri received.
Since redirect_uri is managed as white_url, it should be registered as Logout Redirection Domain in SSO Settings of Developers on the NAVER Cloud Platform console.
https://Companyid.ncpworkplace.com/authn/logoutProcess
HTTP Method: GET/POST
Request:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| redirect_uri | String | Y | Encoded URL to be redirected after logging out from WORKPLACE |
Response:
Redirect to redirect_uri.
Customer Logout
This feature is used to log out from the client's system after logging out from WORKPLACE.
https://ClientCompanyDomain/Logout
Note
Only Port 443 can be used according to the WORKPLACE's infrastructure security policy.
HTTP Method: GET
Request:
| Parameter | Type | Requirement Status | Description |
|---|---|---|---|
| redirect_uri | String | N | This is redirect_uri (URL encoded) to be redirected after the logout is processed from the customer's system. |
After Completion of SSO Linkage
When the SSO linkage is complete, you can log in to WORKPLACE using the login information of the existing corporate information system, which makes it convenient for managing login information.
User Login
If the user accesses the WORKPLACE company URL (https://Companyid.ncpworkplace.com), then the user is taken directly to the login page for the corporate information system or other services (e.g., Google).
When the user accesses the WORKPLACE basic URL (https://www.ncpworkplace.com):
- Click the [SSO Linkage Settings] button at the bottom of the login page.
- Enter the company ID and click the Log In button.
- You will be taken to the login page for other integrated services (e.g., Google, company's enterprise information system). By logging in to other services, you can immediately start using WORKPLACE.
この記事は役に立ちましたか?