1. In the PingFederate administrator console, create a new SP connection:
    • For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.
    • For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.
  2. Configure the basic connection details with the Workplace from Facebook quick connection template.
    1. On the Connection Template tab, select Use a template for this connection.
    2. From the Connection Template list, select Workplace from Facebook Provisioner.
    3. On the Metadata File row, upload the workplacebyfacebook-saml-metadata.xml file that you saved in Getting SAML details from Workplace. Click Next.
    4. On the Connection Type tab select Outbound Provisioning. Click Next.
    5. On the Connection Options tab, click Next.
    6. On the General Info tab, in the Connection Name field, enter a name of your choosing. Click Next.
  3. On the Outbound Provisioning tab, configure provisioning with the following details.
    For help, see Configuring outbound provisioning in the PingFederate documentation.
    1. On the Target screen, enter the OAuth Access Token value that you noted in Creating a custom integration and access token in Workplace.
      Note: PingFederate verifies the access token when you activate the channel and SP connection.
    2. If you want to enable the App secret proof feature, enter the App Secret value that you noted in Creating a custom integration and access token in Workplace.
    3. In the SCIM URL field, update the pre-populated value with the one of the following URLs depending on which version of SCIM you are using:
      • For SCIM 1.1 (Provisioner JAR 1.8.1 or earlier) use https://www.facebook.com/scim/v1/.
      • For SCIM 2.0 (Provisioner JAR 1.10 and later) use https://scim.workplace.com/.
    4. Under Provisioning Options, customize the provisioning connector behavior by referring to the Provisioning options reference. Click Next.
    5. From the UserName Attribute Mapping list, select the attribute that you want to use to synchronize users between the datastore and Workplace from Facebook. For details, see User management.
    6. On the Manage Channels tab, create a channel as shown.

      For help, see Managing channels in the PingFederate documentation.

      Note: If you changed the UserName Attribute Mapping in Provisioning Options, make the same change in Manage Channels > Channel > Attribute Mapping > userName.
      Note: For more information about the attributes available in your channel configuration, see Supported attributes reference.
  4. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.