npm - @workos/mcp-docs-server - Versions diffs - 0.1.0 - Mend

@workos/mcp-docs-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/.docs/organized/docs/integrations/hibob.mdx ADDED Viewed

@@ -0,0 +1,98 @@
+---
+title: HiBob
+description: "Learn about syncing your user list with\_HiBob."
+icon: hibob
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/hibob.mdx
+---
+## Introduction
+This guide outlines how to synchronize your application’s HiBob directories.
+To synchronize an organization’s users and groups provisioned for your application, you’ll need the enterprise IT Admin to provide you:
+- A HiBob Service User ID.
+- The HiBob Service User’s Token.
+We will provide instructions below on the process in HiBob to create a Service User and collect those parameters.
+> Note: The HiBob integration isn't enabled by default in the WorkOS Dashboard or Admin Portal. Please reach out to [support@workos.com](mailto:support@workos.com) or via your team’s WorkOS Slack channel if you would like HiBob enabled.
+---
+## (1) Set up your Directory
+Login to your WorkOS dashboard and select “Organizations” from the left hand Navigation bar
+Select the Organization you’d like to enable a HiBob Directory Sync connection for.
+On the Organization’s page click “Manually Configure Directory”.
+![A screenshot highlighting the "Manually Configure Directory" button in the Organization view of the WorkOS Dashboard.](https://images.workoscdn.com/images/66f8d2e8-6337-4e67-97cf-1fcf9ae0a8cb.png?auto=format&fit=clip&q=50)
+You’ll be prompted to select “HiBob” from the “Directory Type Dropdown”, as well as enter the name of the directory.
+Then click “Create Directory”.
+![A screenshot highlighting the "Create Directory" modal for creating a HiBob directory in the WorkOS Dashboard.](https://images.workoscdn.com/images/0b8c4bdb-e745-4285-a208-3463631766c0.png?auto=format&fit=clip&q=50)
+WorkOS will create a Directory Sync Connection where you will input a “Service User ID” and an “API Token”. The next step will walk you through how an organization IT Admin can generate and gather these details.
+![A screenshot highlighting the "Update Directory" button in a HiBob directory in the WorkOS Dashboard.](https://images.workoscdn.com/images/f47caea6-5218-4957-b8a1-3c3512ec52f0.png?auto=format&fit=clip&q=50)
+---
+## (2) Create a Service User in HiBob
+HiBob uses a system called Service Users to utilize API actions. These steps walkthrough creating a Service User and obtaining the credentials needed by WorkOS to link with HiBob successfully.
+Login to HiBob and navigate to “Settings” and then selecting the “Integrations” tab.
+There will be a tile called Service Users, click on that.
+![A screenshot highlighting the "Integrations" tab in the HiBob dashboard.](https://images.workoscdn.com/images/e240994a-4968-40ce-a75b-e3951ce0ac81.png?auto=format&fit=clip&q=50)
+Press on the New Service user Button
+The user will be prompted to enter a name (and display name, these can be the same) for the new service user, we recommend something like “WorkOS SCIM User”.
+![A screenshot showing the "Create a new Service User" modal in the HiBob dashboard.](https://images.workoscdn.com/images/03b23b02-f8d2-4b33-b7f3-02db9dfaee15.png?auto=format&fit=clip&q=50)
+HiBob will then present you with an ID and a Token, which will be populated into WorkOS, so make sure to inform the customer to provide these.
+![A screenshot highlighting the "ID" and "Token" fields for a Service User in the HiBob dashboard.](https://images.workoscdn.com/images/81d6408a-0f04-4486-8864-cf9c08928d86.png?auto=format&fit=clip&q=50&w=2048)
+The enterprise IT admin should make sure that the Service User has permissions to “View selected employees lifecycle sections”.
+---
+## (3) Input the HiBob Service User details in WorkOS
+Back in the connection that was created in your WorkOS dashboard, enter these two fields and press “Save Directory Details.”
+![A screenshot highlighting the Directory Details modal of a HiBob directory in the WorkOS Dashboard.](https://images.workoscdn.com/images/8bd8dd85-864f-4712-98ac-788821b3b705.png?auto=format&fit=clip&q=50)
+You should see the connection now displays “Linked” in green.
+---
+## (4) View users and groups in your dashboard
+You will now see updates to the users in the directory under the “Users” tab in the HiBob Directory Sync page in WorkOS.
+![A screenshot showing the "Users" view of a HiBob directory in the WorkOS Dashboard.](https://images.workoscdn.com/images/8474708e-dd99-472e-aba4-337c8463551d.png?auto=format&fit=clip&q=50)
+---
+## Frequently asked questions
+### What if the directory user profiles from HiBob aren't showing all of the expected user attributes, such as the user address?
+If some user attributes are not being sent along in the profile, you’ll want to start by checking the permissions of the Service User you created in step 2. You can see more about accessing Service User permissions [here](https://apidocs.hibob.com/docs/api-service-users) and some relevant FAQs from HiBob [here](https://help.hibob.com/hc/en-us/articles/4409776408209#how-to-review-permission-group-changes-0-4).
+### How often do HiBob directories perform a sync?
+HiBob directories poll every 30 minutes starting from the time of the initial sync.

package/.docs/organized/docs/integrations/jumpcloud-saml.mdx ADDED Viewed

@@ -0,0 +1,96 @@
+---
+title: JumpCloud SAML
+description: "Learn how to configure a connection to\_JumpCloud via SAML."
+icon: jumpcloud
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/jumpcloud-saml.mdx
+---
+## Introduction
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). Often, the information required to create a Connection will differ by Identity Provider.
+To create a JumpCloud SAML Connection, you’ll need to upload a JumpCloud Metadata file.
+---
+## What WorkOS provides
+WorkOS provides the [ACS URL](/glossary/acs-url) and [SP Entity ID](/glossary/sp-entity-id). They’re readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+![A screenshot of the "Service Provider Details" of a JumpCloud Connection in the WorkOS Dashboard.](https://images.workoscdn.com/images/77d299b3-4e00-4259-9580-3a5d47518f7a.png?auto=format&fit=clip&q=50)
+The ACS URL is the location an Identity Provider redirects its authentication response to. In JumpCloud’s case, the ACS URL and Entity ID need to be set by the organization when configuring your application in their JumpCloud instance.
+Specifically, the ACS URL and Entity ID will need to be set in the “Single Sign-On Configuration” section of the SAML app. You will input the ACS URL for “ACS URL” and the Entity ID as both “IdP Entity ID” and “SP Entity ID”:
+![A screenshot highlighting the fields "IdP Entity ID", "SP Entity ID" and "ACS URL" in the JumpCloud dashboard.](https://images.workoscdn.com/images/5897416a-465f-4e71-a2f8-2c12329338b9.png?auto=format&fit=clip&q=50)
+---
+## What you’ll need
+In order to integrate you’ll need the JumpCloud Metadata file. Here’s how to obtain it:
+---
+## (1) Log in
+Log in to the JumpCloud admin dashboard, select “SSO” on the left and select your Application.
+![A screenshot highlighting the SSO tab and app selection in the JumpCloud dashboard.](https://images.workoscdn.com/images/e144fd63-e8a0-40e3-9d6d-db113396b7f8.png?auto=format&fit=clip&q=50)
+---
+## (2) Configure Attribute Mapping
+In the “User Attributes” section of the Single Sign-On Configuration page for the SAML app, add the following field-value parameter pairs:
+- `id` → `email`
+- `email` → `email`
+- `firstName` → `firstname`
+- `lastName` → `lastname`
+![A screenshot showing user attribute mapping in the JumpCloud dashboard.](https://images.workoscdn.com/images/47100088-c7b5-4352-96e1-9709f7808b6b.png?auto=format&fit=clip&q=50)
+### Role Assignment (optional)
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, follow the guidance below.
+In the "Group Attributes" section, select the checkbox to "include group attribute", and then set the attribute name to `groups`.
+![A screenshot showing 'Group Attributes' in the JumpCloud Admin Console.](https://images.workoscdn.com/images/b6f9fdc0-c660-41ce-8f8e-a99a8c5a4cf0.png?auto=format&fit=clip&q=50)
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+### Check "Sign Assertion"
+Be sure to check the “Sign Assertion” box shown below.
+![A screenshot highlighting the checked "Sign Assertion" box in the JumpCloud dashboard.](https://images.workoscdn.com/images/e4cca1f9-3f24-45d6-80f7-3ef318eb4ba2.png?auto=format&fit=clip&q=50)
+---
+## (3) Upload Metadata File
+Be sure to check “Declare Redirect Endpoint”.
+![A screenshot highlighting the checked "Declare Redirect Endpoint" box in the JumpCloud dashboard.](https://images.workoscdn.com/images/3a24425c-dd94-4b86-8b3a-f476b6f55665.png?auto=format&fit=clip&q=50)
+> NOTE: The "Declare Redirect Endpoint" setting needs to be enabled prior to exporting the IdP metadata below as this will alter the metadata.
+Click the “Export Metadata” button under “JumpCloud Metadata”. This will download an XML metadata file.
+![A screenshot highlighting the "Export Metadata" button in the JumpCloud dashboard.](https://images.workoscdn.com/images/abd1a6ff-ec7b-427b-b7d5-0813af0107ee.png?auto=format&fit=clip&q=50)
+In the Connection Settings of the WorkOS Dashboard, click “Edit Metadata Configuration”.
+![A screenshot highlighting the "Edit Metadata Configuration" button in the WorkOS Dashboard.](https://images.workoscdn.com/images/ead92f35-be05-431f-a987-e4a71745eb3f.png?auto=format&fit=clip&q=50)
+In the modal that pops up, upload the JumpCloud Metadata file and then select “Save Metadata Configuration”.
+![A screenshot showing the "XML File Metadata Configuration" modal in the WorkOS Dashboard.](https://images.workoscdn.com/images/060d5353-64ca-426a-a4f2-1b9290aad3f5.png?auto=format&fit=clip&q=50)
+Once the file has uploaded, your Connection will then be linked and good to go!

package/.docs/organized/docs/integrations/jumpcloud-scim.mdx ADDED Viewed

@@ -0,0 +1,106 @@
+---
+title: JumpCloud SCIM
+description: "Learn about syncing your user list with\_JumpCloud SCIM."
+icon: jumpcloud
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/jumpcloud-scim.mdx
+---
+## Introduction
+This guide outlines how to synchronize your application’s JumpCloud directories using SCIM.
+To synchronize an organization’s users and groups provisioned for your application, you’ll need to provide the organization with two pieces of information:
+- An [Endpoint](/glossary/endpoint) that JumpCloud will make requests to.
+- A [Bearer Token](/glossary/bearer-token) for JumpCloud to authenticate its endpoint requests.
+Both of these are available in your Endpoint’s Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+> Steps 2, 3, and 4 below will need to be carried out by the organization when configuring your application in their JumpCloud instance.
+---
+## (1) Set up your Directory Sync endpoint
+Login to your WorkOS Dashboard and select “Organizations” from the left hand navigation bar.
+Select the organization you’ll be configuring a new Directory Sync for.
+Under “Actions” click “Add Directory”.
+![A screenshot highlighting the "Add Directory" option within an Organization in the WorkOS Dashboard.](https://images.workoscdn.com/images/5411a8c2-cc56-4593-bc7c-c21c84443dfc.png?auto=format&fit=clip&q=50)
+Select “JumpCloud” from the dropdown, and enter the organization name.
+Then, click “Create Directory.”
+![A screenshot highlighting the "Create Directory" modal for creating a JumpCloud directory in the WorkOS Dashboard.](https://images.workoscdn.com/images/6aaf218c-8d81-4ed6-aa8f-682dd3235dc2.png?auto=format&fit=clip&q=50)
+Your JumpCloud directory sync has now been created successfully with an Endpoint and Bearer Token.
+![A screenshot highlighting the "Directory Details" for a JumpCloud directory in the WorkOS Dashboard.](https://images.workoscdn.com/images/eaad1aef-522e-4f01-a298-3a6b093aa8a1.png?auto=format&fit=clip&q=50)
+> We have support for custom labeled URLs for Directory Sync endpoints. [Contact us](mailto:support@workos.com) for more info!
+---
+## (2) Select or create your JumpCloud application
+Log in to the JumpCloud admin dashboard, select “SSO” on the left and select your Application.
+![Select or Create JumpCloud App](https://images.workoscdn.com/images/26901dbc-8236-46b4-a46f-8c828152fe60.png?auto=format&fit=clip&q=50)
+If you haven’t created an application, you’ll need to first create a custom SAML application in JumpCloud. JumpCloud only supports configuring SCIM provisioning in an existing SAML application. You can use our JumpCloud SAML documentation to configure your SAML application before moving on to SCIM provisioning.
+---
+## (3) Configure your integration
+Select “Identity Management” from the top navigation menu.
+![A screenshot highlighting the "SSO" tab and app selection in the JumpCloud admin dashboard.](https://images.workoscdn.com/images/58194668-19eb-4b3b-b07d-a5023d05e766.png?auto=format&fit=clip&q=50)
+Scroll down to the “Configuration settings” section. Make sure SCIM 2.0 is selected as the SCIM version.
+Copy and paste the Endpoint from your [WorkOS Dashboard](https://dashboard.workos.com/) in the “Base URL” field.
+Then, copy and paste the Bearer Token from your [WorkOS Dashboard](https://dashboard.workos.com/) into the “Token Key” field.
+Next, test the connection to confirm the configuration settings.
+![A screenshot highlighting the "Base URL" and "Token Key" input fields in the JumpCloud admin dashboard.](https://images.workoscdn.com/images/6096c0db-b7f6-45ea-aa44-b1f53f167d12.png?auto=format&fit=clip&q=50)
+After you receive a success message for the configuration, make sure the Group Management toggle is “On”, and then activate the settings.
+![A screenshot highlight the "Group Management" field toggled on in the JumpCloud admin dashboard.](https://images.workoscdn.com/images/aa71e757-ec72-4f72-9551-cd43e72cf44b.png?auto=format&fit=clip&q=50)
+After the activation step is successful, save the configuration.
+![A screenshot highlighting the "Save" button in the JumpCloud admin dashboard.](https://images.workoscdn.com/images/3a8a81bc-e204-4368-b281-6aec5666b817.png?auto=format&fit=clip&q=50)
+---
+## (4) Assign users and groups to your application
+In order for your users and groups to be synced, you will need to assign them to your JumpCloud Application. Select “User Groups” from the top navigation menu.
+Select the groups of users you would like to sync and save your changes.
+![A screenshot highlighting the User Groups tab in the JumpCloud admin dashboard.](https://images.workoscdn.com/images/505e3ec4-0f83-4e68-a384-1d056f674b23.png?auto=format&fit=clip&q=50)
+Begin provisioning users and groups and witness realtime changes in your [WorkOS Dashboard](https://dashboard.workos.com/).
+A detailed guide to integrate the WorkOS API with your application can be found [here](/directory-sync)
+## Frequently asked questions
+### When a group is disconnected from the SCIM application in JumpCloud, I still see users that are a part of that disconnected group in WorkOS and my application – is this expected?
+Instead of individually assigning users to a SCIM application, JumpCloud SCIM requires that users are assigned to the application through group membership.
+To reflect valid user membership in your application, users should be removed from a group while the group is connected to the SCIM application rather than removing them directly from the application.
+To remove an entire group, the group can be deleted from the JumpCloud User Management area while it is connected to the SCIM application.

package/.docs/organized/docs/integrations/keycloak-saml.mdx ADDED Viewed

@@ -0,0 +1,128 @@
+---
+title: Keycloak
+description: "Learn how to configure a connection to\_Keycloak via SAML."
+icon: keycloak
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/keycloak-saml.mdx
+---
+## Introduction
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). And often, the information required to create a Connection will differ by Identity Provider.
+To create an Keycloak SAML Connection, you’ll need three pieces of information: an [ACS URL](/glossary/acs-url), an Identity Provider Issuer (also known as an Entity ID), and a Metadata URL.
+---
+## What WorkOS provides
+WorkOS provides the ACS URL and [IdP URI (Entity ID)](/glossary/idp-uri-entity-id). It’s readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+![A screenshot highlighting the "Service Provider Details" generated by WorkOS in the WorkOS Dashboard.](https://images.workoscdn.com/images/1ee74820-5075-4f2b-a1da-25f2c86204d4.png?auto=format&fit=clip&q=50)
+The ACS URL is the location an Identity Provider redirects its authentication response to. In Keycloak’s case, it needs to be set by the organization when configuring your application in their Keycloak instance.
+Specifically, the ACS URL will need to be set as the “Valid Redirect URI” and "Master SAML Processing URL" in the SAML client setup in Keycloak.
+The Entity ID is a URI used to identify the issuer of a SAML request, response, or assertion. In this case, the entity ID is used to communicate that WorkOS will be the party performing SAML requests to the organization's Keycloak instance.
+Specifically, the Entity ID will need to be set as the “Client ID” when creating a SAML client in Keycloak.
+---
+## What you’ll need
+In order to integrate you’ll need the Keycloak Metadata URL. Normally, the this will come from the organization's IT Management team when they set up your application’s SAML client in their Keycloak instance. But, should that not be the case during your setup, here’s how to obtain it.
+---
+## (1) Log in
+Log in to your Keycloak Admin Console, and navigate to the Realm you want to set up the SAML client in. Select “Clients” from the side menu. If your client is already created, select it from the list of and move to Step 4. If you haven’t created a SAML client in Keycloak, select “Create client”.
+![A screenshot highlighting the "Create client" button in the Keycloak dashboard.](https://images.workoscdn.com/images/ab144a33-174d-4699-83ad-fa5e59b9b31d.png?auto=format&fit=clip&q=50)
+---
+## (2) Initial SAML Application Setup
+On the Create Client setup step, select `SAML` as the "Client type", input the IdP URI (Entity ID) from your WorkOS Dashboard as the “Client ID”, and set a name for your Client. Click "Save".
+![A screenshot highlighting the input fields "Client type", "Client ID" and "Name" in the Keycloak dashboard.](https://images.workoscdn.com/images/9365694a-b125-47e0-8d2e-1e49425e157b.png?auto=format&fit=clip&q=50)
+---
+## (3) Configure SAML Application
+On the Settings page, scroll down and input the ACS URL from your WorkOS Dashboard in the “Valid Redirect URIs” and "Master SAML Processing URL" boxes.
+![A screenshot highlighting the fields "Valid redirect URIs" and "Master SAML Processing URL in the Keycloak dashboard.](https://images.workoscdn.com/images/a1dea2f2-ea25-44c9-b88e-39b689a37de2.png?auto=format&fit=clip&q=50)
+Scroll down further on the Settings page to "Signature and Encryption", and make sure that "Sign assertions" is toggled `On`. Click “Save”.
+![A screenshot highlighting the "Sign documents" and "Sign assertions" toggles switched on in the Keycloak dashboard.](https://images.workoscdn.com/images/dfd9fc38-79b8-4c7d-8ca7-17d1925e8fa2.png?auto=format&fit=clip&q=50)
+---
+## (4) Configure User Attributes and Claims
+Click the “Client scopes” top menu option and click into your Client.
+![A screenshot highlighting the "Client scopes" tab and "Assigned client scope" field in the Keycloak dashboard.](https://images.workoscdn.com/images/cc6c1ce7-229f-4d1e-90b2-ecf060649018.png?auto=format&fit=clip&q=50)
+Click "Configure a new mapper".
+![A screenshot highlighting the "Configure a new mapper" button in the Keycloak dashboard.](https://images.workoscdn.com/images/3ed96fbb-d089-49ed-979b-2b360a498db0.png?auto=format&fit=clip&q=50&w=2048)
+Then select "User Property".
+![A screenshot highlighting the "User Property" field in the Keycloak dashboard.](https://images.workoscdn.com/images/6f82859d-a433-4e3c-bde4-10b4700e5ba0.png?auto=format&fit=clip&q=50&w=2048)
+You’ll need to create a “User Property” mapper for the following four attributes:
+- `id`
+- `email`
+- `firstName`
+- `lastName`
+This is an example of how to fill out the fields for `id`:
+![A screenshot showing the proper mapping for the "id" property in the Keycloak dashboard.](https://images.workoscdn.com/images/1d966f7c-358b-46a6-b8d5-cbcb6f80c192.png?auto=format&fit=clip&q=50&w=2048)
+Also do this for the `email`, `firstName`, and `lastName` attributes:
+![A screenshot showing the proper mapping for the "email" property in the Keycloak dashboard.](https://images.workoscdn.com/images/7f753d8c-a7f3-4250-a772-0fb31bddfb03.png?auto=format&fit=clip&q=50&w=2048)
+![A screenshot showing the proper mapping for the first name property in the Keycloak dashboard.](https://images.workoscdn.com/images/d037d45f-9d80-4594-b0d2-4ec65dd76d96.png?auto=format&fit=clip&q=50&w=2048)
+![A screenshot showing the proper mapping for the last name property in the Keycloak dashboard.](https://images.workoscdn.com/images/0df763a9-7ca9-4bfb-870b-472bc3ef4b8b.png?auto=format&fit=clip&q=50&w=2048)
+### Role Assignment (optional)
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, follow the guidance below.
+On the "Dedicated scopes" page, select "Add mapper" and then "By configuration".
+![A screenshot showing how to add a new groups attribute mapper.](https://images.workoscdn.com/images/6475d3b7-33b2-47f5-a55e-efd13600b1e0.png?auto=format&fit=clip&q=50)
+You can choose either "Group list" or "Role list", whichever option best fits your use case. The example below uses "Group list". For more information on sending group information, refer to the [Keycloak documentation](https://www.keycloak.org/docs/latest/server_admin/#assigning-permissions-using-roles-and-groups).
+![A screenshot showing what type of mapper to choose for a groups attribute.](https://images.workoscdn.com/images/42a1cfbd-2499-46a7-bc3c-39b284f25e74.png?auto=format&fit=clip&q=50)
+Set the Name and the Group attribute name to "groups", and make sure the Single Group Attribute toggle is On. Select "Save".
+![A screenshot showing how to configure the groups attribute mapper.](https://images.workoscdn.com/images/d95229b8-a5e1-4543-8047-077a38570b01.png?auto=format&fit=clip&q=50)
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+## (5) Obtain Identity Provider Details
+Select “Realm Settings” in the left sidebar navigation menu, and copy the “SAML 2.0 Identity Provider Metadata” link on the General page.
+![A screenshot highlighting the "SAML 2.0 Identity Provider Metadata" button in the Keycloak dashboard.](https://images.workoscdn.com/images/166ae678-b776-470e-bf66-62bf202207e1.png?auto=format&fit=clip&q=50)
+Next, within your connection settings, edit the Metadata Configuration and provide the Metadata URL you obtained from Keycloak. Your Connection will then be verified and good to go!
+![A screenshot highlight the "URL Metadata Configuration" input in the WorkOS Dashboard.](https://images.workoscdn.com/images/2579b65a-3d39-4344-8df4-6cdf80506c34.png?auto=format&fit=clip&q=50)

package/.docs/organized/docs/integrations/lastpass-saml.mdx ADDED Viewed

@@ -0,0 +1,134 @@
+---
+title: LastPass
+description: "Learn how to configure a connection to\_LastPass via SAML."
+icon: lastpass
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/lastpass-saml.mdx
+---
+## Introduction
+Each SSO Identity Provider requires specific information to create and configure a new [Connection](/glossary/connection). Often, the information required to create a Connection will differ by Identity Provider.
+To create a LastPass SAML Connection, you’ll need an IdP Metadata XML file.
+Start by logging in to your WorkOS dashboard and browse to the “Organizations” tab on the left hand navigation bar.
+Select the organization you’d like to configure a LastPass SAML Connection for, and select “Manually Configure Connection” under “Identity Provider”.
+![A screenshot showing where to find "Manually Configure Connection" in the WorkOS Dashboard.](https://images.workoscdn.com/images/ff2ce096-00e1-4d34-8523-23a01ebf4642.png?auto=format&fit=clip&q=50)
+Select “LastPass SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.
+![A screenshot showing "Create Connection" details in the WorkOS Dashboard.](https://images.workoscdn.com/images/5866a365-5f51-4f58-9124-a4c0653831a5.png?auto=format&fit=clip&q=50)
+---
+## What WorkOS provides
+WorkOS provides the [ACS URL](/glossary/acs-url), [SP Entity ID](/glossary/sp-entity-id), and [SP Metadata URL](/glossary/sp-metadata). They’re readily available in your Connection Settings in the [WorkOS Dashboard](https://dashboard.workos.com/).
+![A screenshot showing where to find the ACS URL, SP Metadata, and SP Entity ID in the WorkOS Dashboard.](https://images.workoscdn.com/images/93089510-e362-47c9-9844-4eefd70e18ca.png?auto=format&fit=clip&q=50)
+---
+## What you’ll need
+Next, provide the [IdP Metadata](/glossary/idp-metadata) file. Normally, this information will come from your enterprise customer’s IT Management team when they set up your application’s SAML 2.0 configuration in their LastPass admin console. But, should that not be the case during your setup, the next steps will show you how to obtain it.
+---
+## (1) Select or create your application
+Log in to [LastPass](https://admin.lastpass.com/applications/saml), go to the admin console and select “Applications” on the top navigation. Then select “SSO apps” from the left side navigation. If your application is already created, select it from the list of applications and move to Step 2. Otherwise, select “Add app”.
+![A screenshot showing "Add app" in the "SSO apps" section of the Applications tab in the LastPass admin dashboard.](https://images.workoscdn.com/images/e6cc5fbc-e802-4cd4-b3d6-786c31ee7db2.png?auto=format&fit=clip&q=50)
+In the modal that pops up, click on “Add an unlisted app”.
+![A screenshot showing the selection of "Add an Unlisted App" for the creation of a new SSO app.](https://images.workoscdn.com/images/fad2dc44-73a1-4b98-b8bb-ee02e7293dfd.png?auto=format&fit=clip&q=50)
+Give your SAML App a descriptive name and select “Continue”.
+![A screenshot showing how to add the name for a new SSO app.](https://images.workoscdn.com/images/839575b4-8b1c-45e5-ab10-8fcc509fc1be.png?auto=format&fit=clip&q=50)
+---
+## (2) Initial SAML Application Setup
+Under the “Set up LastPass” section of the “Configure app” modal, input the ACS URL from the WorkOS Dashboard Connection details under “ACS”. Then click on “Advanced Settings”.
+![A screenshot showing where to add the ACS URL during the configuration app step in LastPass SAML Settings.](https://images.workoscdn.com/images/01e69cb0-8c93-474f-ad15-6cde111ac699.png?auto=format&fit=clip&q=50)
+Under “Entity ID”, input the SP Entity ID from the WorkOS Dashboard Connection details. Next, under “SAML signature method”, select “SHA256”.
+![A screenshot showing where to add the Entity ID during the configuration app step in LastPass SAML Settings.](https://images.workoscdn.com/images/4b80975b-c0bb-4efd-80dd-3a3c52836ec5.png?auto=format&fit=clip&q=50)
+Under “Signing and encryption”, ensure that you have at least selected “Sign assertion”. Then, click on “Add SAML attribute”.
+![A screenshot showing to select "Sign assertion" checkbox option for "Signing and encryption" in LastPass SAML Settings.](https://images.workoscdn.com/images/0e2a022f-444b-468b-91ad-cb2078142425.png?auto=format&fit=clip&q=50)
+---
+## (3) Configure SAML Application
+Map the following four attributes as shown below, and select “Save & assign users”.
+- First Name → `firstName`
+- Last Name → `lastName`
+- Email → `email`
+- User ID → `id`
+![A screenshot showing hot to add Attribute Mapping for a LastPass SAML app.](https://images.workoscdn.com/images/3e75c892-a7cc-4167-9e45-c046232c1231.png?auto=format&fit=clip&q=50)
+### Role Assignment (optional)
+With [identity provider role assignment](/sso/identity-provider-role-assignment), users can receive roles within your application based on their group memberships. To return this information in the attribute statement, add a new SAML attribute for the "Groups" field and input `groups` as the attribute name, as shown below. Then, select "Save & assign users".
+![A screenshot showing how to add a groups attribute to a LastPass SAML app.](https://images.workoscdn.com/images/611cd4d7-715b-423c-b110-323f00d7ad8c.png?auto=format&fit=clip&q=50)
+> Finish role assignment set-up by navigating to the SSO connection page in the _Organization_ section of the [WorkOS Dashboard](https://dashboard.workos.com/). Create SSO groups by referencing the group IdP ID. Then, assign roles to these SSO groups so group members are automatically granted roles within your application.
+---
+## (4) Add Users and Groups to SAML Application
+On the “Users, groups & roles” page, click on “Assign users, groups & roles”.
+![A screenshot showing to select "Assign users, groups & roles" for your LastPass SAML app.](https://images.workoscdn.com/images/cec59ee3-85f1-45cd-8ed5-03dfef194de9.png?auto=format&fit=clip&q=50)
+Search and select any users or groups that you would like to provision to this SAML app. Then, click “Assign”.
+![A screenshot showing to select Users and Groups in LastPass.](https://images.workoscdn.com/images/fc3fd859-1092-45a8-922f-38b4619863d8.png?auto=format&fit=clip&q=50)
+Click on “Save & continue”.
+![A screenshot showing where to save and move to next steps in LastPass.](https://images.workoscdn.com/images/4b775f48-9045-4122-8c9c-4770370edd4b.png?auto=format&fit=clip&q=50)
+---
+## (5) Upload Metadata file
+Back on the “SSO apps” tab of the LastPass admin console, select the SAML app that you just created.
+!A screenshot showing where how to select SAML App in LastPass.](https://images.workoscdn.com/images/99a9a771-02bc-4817-b576-414bafa2d6f2.png?auto=format&fit=clip&q=50)
+On the “Configure app” modal, click on “Expand” to the right of “Set up app”.
+![A screenshot showing how to expand Set Up App in LastPass.](https://images.workoscdn.com/images/e717af8d-f5aa-4629-ae38-d5d0376d57dd.png?auto=format&fit=clip&q=50)
+At the bottom of the “Set up app” section, click on “Download metadata (XML)”. Save the downloaded XML metadata somewhere accessible.
+![A screenshot showing where to download Metadata File in LastPass.](https://images.workoscdn.com/images/bbd5f4bc-8386-4650-9559-f072b265d71b.png?auto=format&fit=clip&q=50)
+In the Connection settings in the WorkOS Dashboard, click “Edit Metadata Configuration”.
+![A screenshot showing where to edit Metadata Configuration in WorkOS Dashboard.](https://images.workoscdn.com/images/c485258c-6762-4ea7-9999-a2a43767de23.png?auto=format&fit=clip&q=50)
+Upload the XML metadata file from LastPass into the “Metadata File” field and select “Save Metadata Configuration”.
+![A screenshot showing a successful upload of the Metadata File in WorkOS Dashboard.](https://images.workoscdn.com/images/dd796b97-442e-4b74-a6ae-c5f2642b717a.png?auto=format&fit=clip&q=50)
+Your Connection will then be linked and good to go!

package/.docs/organized/docs/integrations/linkedin-oauth.mdx ADDED Viewed

@@ -0,0 +1,77 @@
+---
+title: LinkedIn OAuth
+description: Learn how to set up OAuth with LinkedIn.
+icon: linkedin
+breadcrumb:
+  title: Integrations
+  url: /integrations
+originalPath: .tmp-workos-clone/packages/docs/content/integrations/linkedin-oauth.mdx
+---
+## Introduction
+To configure your global LinkedIn OAuth setup, you’ll need three pieces of information: a [Redirect URI](/glossary/redirect-uri), a LinkedIn Client ID, and a LinkedIn Client Secret.
+---
+## What WorkOS provides
+WorkOS provides the Redirect URI, an allowlisted callback URL. It indicates the location to return an authorized user to after both an authorization code is granted, and the authentication process is complete.
+Open your [WorkOS Dashboard](https://dashboard.workos.com) and browse to the _Authentication_ section on the left hand navigation bar. Scroll down to the _LinkedIn OAuth_ section and click _Enable_.
+![A screenshot showing the LinkedIn OAuth section in the WorkOS Dashboard.](https://images.workoscdn.com/images/895bb0d8-4702-48d4-ae81-6f38ca726dd1.png?auto=format&fit=clip&q=80)
+In the modal, you’ll see the Redirect URI as well as the fields you’ll populate later with information from LinkedIn. Copy this URI. We will use it as part of the registration process in the LinkedIn Developer Portal.
+![A screenshot showing the LinkedIn OAuth configuration modal in the WorkOS Dashboard.](https://images.workoscdn.com/images/02ae5f39-c109-440e-a874-d45f16cac516.png?auto=format&fit=clip&q=80)
+---
+## What you’ll need
+In order to integrate you’ll need the LinkedIn Client ID and the LinkedIn Client Secret.
+These are a pair of credentials provided by LinkedIn that you’ll use to authenticate your application via the OAuth protocol. To obtain them:
+---
+### (1) Create the LinkedIn OAuth Application
+Log in to your LinkedIn account, go to the [_Developer Portal_](https://developer.linkedin.com) page and click on _Create app_.
+![A screenshot showing the LinkedIn page to register a new OAuth application.](https://images.workoscdn.com/images/75a8bb4c-8df2-4c9d-b205-5e9e07d31501.png?auto=format&fit=clip&q=80)
+Start by filling out the form with the required details about your application, like the application name, LinkedIn page, and app logo.
+![A screenshot showing the LinkedIn form to create a new OAuth application.](https://images.workoscdn.com/images/7da6ffdf-adda-4218-ac93-c2b211bfb12e.png?auto=format&fit=clip&q=80)
+Finally, click on _Create app_.
+### (2) Configure redirect URL and get the client credentials
+On the next page, click the _Auth_ tab. Copy the Client ID and Primary Client Secret. We will use them in the next step.
+![A screenshot showing OAuth client credentials in the LinkedIn developer settings](https://images.workoscdn.com/images/da63c1b4-44d3-43ca-a962-a1f7e641dc0e.png?auto=format&fit=clip&q=80)
+Click the pencil button at _OAuth 2.0 settings_ > _Authorized redirect URLs for your app_. Click _Add redirect URL_ and paste the WorkOS Redirect URI. Click _Update_.
+![A screenshot showing OAuth redirect URL in the LinkedIn developer settings](https://images.workoscdn.com/images/9e838b55-e2c7-4b30-bf68-8531e7bf376a.png?auto=format&fit=clip&q=80)
+### (3) Add OIDC support in the Products tab
+Click the products tab and add the Sign In with LinkedIn using OpenID Connect product.
+![A screenshot showing the LinkedIn OIDC configuration dashboard](https://images.workoscdn.com/images/f629579e-0ff1-42da-b1fc-40f577ae6723.png?auto=format&fit=clip&q=80)
+### (4) Provide client credentials to WorkOS
+Go back to the _Authentication_ section in the WorkOS Dashboard, and click on _Edit_ under _LinkedIn OAuth_.
+Toggle _Enabled_ on and provide the client credentials from LinkedIn that you generated in the previous step.
+Finally, click _Save_.
+![A screenshot showing the LinkedIn OAuth configuration modal in the WorkOS Dashboard.](https://images.workoscdn.com/images/02ae5f39-c109-440e-a874-d45f16cac516.png?auto=format&fit=clip&q=80)
+You are now ready to start authenticating with LinkedIn OAuth. Your users will see the option to sign-in with LinkedIn when visiting your [AuthKit](/user-management) domain.