Begin Scanning a Workplace by Facebook App
Authorize the Prisma SaaS app to connect to Workplace by Facebook to scan all content shared within the app.
To connect a Workplace by Facebook app and begin scanning assets, you need to:
- Ensure that you have a Workplace account with administrator privileges.
- Authorize the Prisma SaaS app on the Facebook Third-Party Marketplace to access your account. This integration uses OAuth to generate the access token with the required read-only permissions that enable Prisma SaaS to get metadata on the posts, comments, member profiles, and groups.
For information on which automated remediation capabilities Prisma SaaS supports with Workplace by Facebook, refer to Supported Applications with Remediation.
Add Workplace by Facebook App
In order for Prisma SaaS to scan assets, you must consent to the following permissions during the course of adding the Workplace by Facebook app:
Read user email
The user’s email address is required to determine if the member is an internal or external user. Prisma SaaS compares the domain in the email address against the list of internal domains that you have configured to identify whether the user is external to the organization.
List group members
The list of group members within each workplace group is required to determine content exposure and collaborators. For example, if the group includes one or more members outside of your organization who collaborate on the assets being shared, then the group is classified as having external exposure.
Read group content
Permission to read the content such as posts, comments and attachments shared within the group to scan for sensitive information.
Read all messages
Access to chat messages sent to any user on the Workplace app to scan for sensitive information.
Read user timeline
Permission to read the posts, comments and attachments on each user's timeline to scan for sensitive information.
- Add the Workplace by Facebook app to Prisma SaaS.
- Log in to Prisma SaaS.
- On theDashboard, click+Add a Cloud App, and selectWorkplace by Facebook.
- SelectConnect to Workplace Account.Prisma SaaS redirects you to the Facebook Third-Party marketplace. You must log in to Workplace with administrator privileges to add the Workplace app to Prisma SaaS.
- Review thePermissionsthat you are authorizing for the Prisma SaaS app andAdd to Workplace.The following permissions are required:
- Log in to Prisma SaaS to complete the remaining workflow.After you review the permissions displayed in the popup window, you are still in your Workplace app and are not redirected to Prisma SaaS.
- Give a descriptive name to this app instance and specify an incident reviewer.
- Select the Workplace app in the Cloud Apps list.
- Enter a descriptiveNameto differentiate this instance of Workplace by Facebook from other instances.
- Start scanning the new Workplace by Facebook app for risks.
- Select.SettingsCloud Apps & Scan Settings
- In the Cloud Apps row that corresponds to the new Workplace by Facebook app, select.ActionsStart ScanningPrisma SaaS scans all assets in the associated Workplace by Facebook app and identifies incidents. Depending on the number of assets, it may take some time to complete the process. However, as soon as you begin to see this information populating on the Prisma SaaSDashboard, you can begin to Assess Incidents.
When you add a new cloud app, Prisma SaaS automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
- (Optional) Modify match criteria for existing policy rules.
- (Optional) Configure or edit a data pattern.
Fix Workplace App Issues
The most common issues related to adding a Workplace app are as follows:
Workplace for Facebook app stopped scanning for assets.
August 2020 Facebook improved the Workplace API to support OAuth. Prisma SaaS no longer needs the outdated app and cannot communicate with it.
You can identify the version of your Workplace app based on its location in the Workplace Admin Panel:
If you have the outdated version of the Workplace app, you must upgrade to the revamped app.
Uninstalling the Workplace app is mandatory because only one instance of Prisma SaaS can be installed for a Workplace account.
To upgrade to the new Workplace by Facebook app:
When you try to onboard the new Workplace app, Prisma SaaS returns a connection error:
Not connected. Sorry, there was an error connecting to your account. Also, Workplace Admin Console shows an error for the onboarded Workplace app:
App install has failed.
See explanation above.
Uninstall the Workplace app you just tried to onboard:
Recommended For You
Recommended videos not found.