Begin Scanning a Workplace by Facebook App

Set up a token for your Workplace community to configure your app and connect to the Aperture service to scan assets.
Before you can begin scanning a Workplace by Facebook app, you must configure a token that generates an app with specific user permissions enabled and a page, a type of bot for your Workplace community. The page name reflects the name of your custom integration, and the profile picture matches the icon you chose when creating the custom configuration. As you prepare the Workplace account, take note of the token shown to you when creating your custom integration, since it is shown only once, and required to complete the setup of the Workplace app within Aperture and to read and write posts on your page.
To begin scanning a Workplace by Facebook app:
  1. Prepare your Workplace by Facebook account to work with the Aperture service.
    1. Log in to the Workplace by Facebook console as an administrator.
    2. In your company dashboard, select IntegrationsCreate Custom Integration.
    3. Choose a relevant name and description for the app, such as "Aperture by Palo Alto Networks" and click Create.
    4. (Optional) Select an icon for the app by clicking Update on the icon placeholder. This icon displays any time the app is visually represented, such as in a group posting.
  2. Each Workplace app comes with unique Permissions to control the information being read or written to by that app. Grant the following permissions:
    Read Group Content
    Read posts, comments, and member profiles in selected groups.
    Manage Group Content
    Manage posts and comments in selected groups.
    Manage Groups
    Edit or remove selected groups and their members.
    Impersonate Account
    Post and comment in groups and read messages from any user account.
    Read Security Logs
    Access details of security events, including login attempts and password requests.
  3. Click Create Access Token read and understand the token terms and click Done. Save the configuration.
    Copy and safely store the access token shown to you, as you will need the token to setup your account in Aperture and make API calls. As a system administrator, it is important to make sure that you only share access tokens with trusted developers within your organization and Facebook-approved third-party developers.
  4. Add the Workplace by Facebook app to Aperture.
    1. From the Aperture Dashboard, Add a Cloud App.
    2. Select Workplace by Facebook.
    3. Select Connect to Workplace by Facebook account.
    4. Enter the Access Token you noted in the previous step.
    5. Click OK.
    The Aperture service adds the Workplace by Facebook app to the list of Cloud Apps.
  5. (Optional) Give a descriptive name to this app instance and specify an incident reviewer.
    1. Select the Workplace by Facebook link on the Cloud Apps list.
    2. Enter a descriptive Name to differentiate this instance of Workplace by Facebook from other instances you are managing.
  6. Define global scan settings.
  7. Add policy rules.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Policy Rule for Content to look for risks unique to the new app.
  8. (Optional) Configure or edit a data pattern.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  9. Start scanning the new Workplace by Facebook app for risks.
    1. Select SettingsCloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new Workplace by Facebook app, select ActionsStart Scanning.
      The status changes to Scanning. The Aperture service starts scanning all assets in the associated Workplace by Facebook app and begins identifying incidents. Depending on the number of assets, it may take some time for the Aperture service to complete the process of discovering all assets and users. However, as soon as you begin to see this information populating on the Aperture Dashboard, you can begin to Assess Incidents.
  10. Monitor the results of the scan.
    As the Aperture service starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective.
    Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.

Related Documentation