Begin Scanning a Workplace by Facebook App (Beta)

Authorize SaaS Security API to connect to Workplace by Facebook to scan all content shared within the app.
To connect a Workplace by Facebook app and begin scanning assets, you need to:
  • Ensure that you have a Workplace account with administrator privileges.
  • Authorize the SaaS Security API app on the Facebook Third-Party Marketplace to access your account. This integration uses OAuth to generate the access token with the required read-only permissions that enable SaaS Security API to get metadata on the posts, comments, member profiles, and groups.
If you have a previous version of the Workplace app, you must uninstall it.
For information on which automated remediation capabilities SaaS Security API supports with Workplace by Facebook, refer to Supported Content, Remediation and Monitoring.

Add Workplace by Facebook App

In order for SaaS Security API to scan assets, you must consent to the following permissions during the course of adding the Workplace by Facebook app:
Permission
Description
Read user email
The user’s email address is required to determine if the member is an internal or external user. SaaS Security API compares the domain in the email address against the list of internal domains that you have configured to identify whether the user is external to the organization.
List group members
The list of group members within each workplace group is required to determine content exposure and collaborators. For example, if the group includes one or more members outside of your organization who collaborate on the assets being shared, then the group is classified as having external exposure.
Read group content
Permission to read the content such as posts, comments and attachments shared within the group to scan for sensitive information.
Read all messages
Access to chat messages sent to any user on the Workplace app to scan for sensitive information.
Read user timeline
Permission to read the posts, comments and attachments on each user's timeline to scan for sensitive information.
  1. (
    Recommended
    ) Add your Workplace by Facebook app domain as an internal domain.
  2. Add the Workplace by Facebook app to SaaS Security API.
    1. Log in to SaaS Security.
    2. On the
      Dashboard
      , click
      +Add a Cloud App
      , and select
      Workplace by Facebook
      .
    3. Select
      Connect to Workplace Account
      .
      SaaS Security API redirects you to the Facebook Third-Party marketplace. You must log in to Workplace with administrator privileges to add the Workplace app to SaaS Security API.
    4. Review the
      Permissions
      that you are authorizing for the SaaS Security API app and
      Add to Workplace
      .
    5. Log in to SaaS Security to complete the remaining workflow.
      After you review the permissions displayed in the popup window, you are still in your Workplace app and are not redirected to SaaS Security.

Customize Workplace by Facebook App

Customizations include modifying Workplace by Facebook app name.
  1. Select the Workplace app in the Cloud Apps list.
  2. (
    Optional
    ) Enter a descriptive
    Name
    to differentiate this instance of Workplace by Facebook from other instances.
  3. Next Step
    : Process to Identify Risks

Identify Risks

When you add a new cloud app and enable scanning, SaaS Security API automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
  1. Start scanning the new Workplace for Facebook app for risks.
  2. During the discovery phase, as SaaS Security API scans files and matches them against enabled default policy rules.
    Verify that your default policy rules are effective. If the results don’t capture all risks or you see false positives, improve the results.
  3. (
    Optional
    ) Modify match criteria for existing policy rules.
  4. (
    Optional
    ) Add new policy rules.
    Consider the business use of your app, then identify risks unique to your enterprise. As necessary, add new:
  5. (
    Optional
    ) Configure or edit a data pattern.
    You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  6. Next Step
    : Proceed to Fix Workplace App Issues, if necessary.

Fix Workplace App Issues

The most common issues related to adding a Workplace app are as follows:
Symptom
Explanation
Solution
Workplace for Facebook app stopped scanning for assets.
August 2020 Facebook improved the Workplace API to support OAuth. SaaS Security API no longer needs the outdated app and cannot communicate with it.
You can identify the version of your Workplace app based on its location in the Workplace Admin Panel:
  • (New)
    Integrations
    Added to Workspace
  • (Outdated)
    Integrations
    Custom Integrations
If you have the outdated version of the Workplace app, you must upgrade to the revamped app.
Uninstalling the Workplace app is mandatory because only one instance of SaaS Security API can be installed for a Workplace account.
To upgrade to the new Workplace by Facebook app:
  1. From SaaS Security
    Cloud Apps
    list,
    Delete Cloud App
    for Workplace app.
  2. From the Workplace Admin Panel, select
    Integrations
    .
  3. Locate the outdated Workplace app in
    Custom Integrations
    , then
    Delete Integration
    .
  4. Repeat the onboarding process on SaaS Security API.
When you try to onboard the new Workplace app, SaaS Security API returns a connection error:
Not connected. Sorry, there was an error connecting to your account
. Also, Workplace Admin Console shows an error for the onboarded Workplace app:
App install has failed
.
See explanation above.
Uninstall the Workplace app you just tried to onboard:
  1. From the Workplace Admin Panel, select
    Integrations
    .
  2. Locate the outdated Workplace app in
    Added to Workspace
    , then
    Uninstall
    it.
  3. Delete the outdated app as outlined in previous troubleshooting tip.
  4. Repeat the onboarding process on SaaS Security API.

Recommended For You