This guide outlines available integrations, mobile apps, and extensions that are compatible with the 7Geese platform. Note: You will need administrator permissions to access most integration configurations.

Slack

Keep your team aligned in the services you use every day. Once set up, the Slack integration can pull your teams' check-ins, objective status assessments, final closing reflections for objectives, and received recognitions from 7Geese and post them into any #channel directly in Slack.

You can customize the integration to send notifications to specific Slack channels by department, by notification, or have all notifications feed into the same channel for all departments.

You can also recognize your teammates directly from Slack using the /recognize command if you enable the slash command! 

Getting started

Click here to access the integrations > Slack setup page. Get started by selecting New Notification.

Configuring team and channel access

After selecting new notification, you'll be asked to provide access to 7Geese from your Slack. After you've selected your team, choose the channel you'd like your notifications to appear in. An e-mail confirmation will be sent to let you know that Slack and 7Geese are now connected.

Customizing notifications

To get started customizing where notifications get sent in Slack, click the "new notification" bar that appears in 7Geese. This will create a drop down menu that will pre-fill a message that you can customize. 

Two separate options will also appear so you can choose whether to send check-ins and recognitions to the same channel or split them into separate channels (configuring check-ins + configuring recognition messages).

To customize the default messaging, you can use the in-app guide or view Slack's handy formatting guidelines

Looking for even more customization? The template builder supports Jinja 2. This documentation here provides an overview of syntax available to customize your Slack message. 

Messages in separate channels

To change where the messages appear, add a new notification and select a new channel in the Slack authorization step. Back in 7Geese, choose whether you'd like to send recognitions and/or check-ins to that channel. 

You can also filter out messages based on departments. If you're looking to have all of the engineering team's recognitions filter into an #eng-talk channel, create the notification using the above steps, then select the department from the list to filter specific sub-set notifications. 

No other recognitions/check-ins except from the departments you select will filter into that channel, so you'll have to create a second notification for the rest. 

You can add as many departments as you'd like to each message you create. 

Messages in Slack: Appearance

Once set up, here's how your messages will look in Slack:

Note: If you customized your message, what appears will look different.

Recognize from Slack by Setting up a Slash Command

Keep your team aligned in the services you use every day. Recognize team members directly from Slack by setting up a Slash Command.

Setting up a Slash Command

Head back to 7Geese Integrations to enable the slash command. Simply hit enable, authorize your Slack network to connect to 7Geese and you're good to go!

Note: only one team member has to set up the Slash Command. Once set, all team members can skip to part 2, recognizing from Slack.

Head back to Slack to try it out. You have to follow the usage hint format for the recognition to post back in 7Geese. 

Your Slash Command is Ready! Recognize from Slack

To recognize in Slack, you'll have to use this format:

 /recognize <name or email> for <badge> for <reason>

The < and > mark placeholders: replace each placeholder, including its < and >, with the value the label describes. Example: /recognize Jonas for Excellence for Awesome job...

The first time you recognize someone in Slack, you'll be prompted to sync your 7Geese and Slack accounts and provide access for Slack and 7Geese to talk to each other.

You don't have to connect your accounts to be recognized, only if you wish to recognize others directly from Slack.

Inside 7Geese select Connect with Slack. Please note: every user that wishes to recognize other team members directly from Slack needs to connect with Slack through their account settings.

Once authorized, head back over to Slack and try your recognition again.

There are a few scenarios where the recognition may not go through. Here are a few cases: You've typed in a team member's name incorrectly, you typed in a badge that doesn't exist, or you tried recognizing yourself. In every instance, we save your input so you won't lose what you've already typed. 

Success! Here's what a successful recognition looks like through the /recognize command:

If you have the Slack integration set up to push recognitions to a specific channel, the recognition will also appear just as if you had recognized from 7Geese.

Yammer

7Geese can integrate with your Yammer social network to pre-populate and provision each teammate in your organization into 7Geese. Through this integration, save time onboarding 7Geese by using the Yammer integration one click setup to pre-fill information associated with each teammate in your organization. This walkthrough will guide you through where you can begin this integration.


Integration Behaviours

  • First, you have to seek permission to allow 7Geese to access your Yammer information. 
  • 7Geese will pull the following from Yammer:
    - Profile Names (First and Last)
    - Individual's Job Title
    - Profile Photo
    - Email (IMPORTANT NOTE: To successfully integrate an individual from Yammer, they must have the same @domain ending as that which you have signed up for on 7Geese. You cannot use @gmail.com if your organization is @myorg.com for example.)

  • Once you have started the integration you can choose to integrate all, or just small groups at a time from Yammer.
  • If there are any @domain emails that don't match from Yammer to your 7Geese network, or alternatively if there is data that is causing errors they will highlight in red and be skipped. 
  • If you have already used Yammer before to integrate other teams, those that are already existing in 7Geese will highlight in blue and be skipped.
  • 7Geese will send the following information to Yammer:
    - Recognitions received
    - Objective check-ins will populate to the Yammer ticker

Yammer SSO (Single Sign-on)

When teams are integrated via Yammer, they can use the Yammer SSO to sign into 7Geese with one click! Simply select 'Yammer' on the login screen. Two apps, one password!

IMPORTANT NOTE: When integrating teammates from Yammer they will automatically be provisioned an active account within 7Geese. This means that you will be charged on your next billing cycle for these newly activated accounts.

HRIS Sync Integrations

Syncing Types

7Geese HRIS integrations have two syncing types: Normal and 1-to-1.

Normal Sync

Users can still be added to 7Geese directly if desired. These users will be editable from 7Geese, but the users who exist in 7Geese as well as in your HRIS system will be automatically updated.

One-to-One Sync

All users who are in 7Geese, but not in your HRIS system, will be deactivated. New users can only be added to 7Geese by adding them into your HRIS system.

Regardless of the syncing type you select, the integration will auto-sync on the hour, every hour. You can see when the next auto-sync will occur by going back to the edit integration page. 

Note: If you need to sync before the auto-sync simply 'verify settings' and the sync will occur as soon as you verify again.

Syncing Behaviours

The HRIS sync integration will help you efficiently manage your team's information in one tool, rather than have to duplicate efforts across multiple platforms as information changes. Before setting up the integration it's important to know what to expect to ensure you are selecting the right sync type.

Once the integration is established, here's what can be expected:

 

People Data

Adding New Users

  • Normal Syncing: Users can be added both in 7Geese and in your HRIS system. If a user is added first in your HRIS system, they will automatically sync and appear in 7Geese. If a user is added first in 7Geese, they will be managed only in 7Geese and will not appear in your HRIS system.
  • 1-to-1 Syncing: With the integration enabled, you can add users in your HRIS system only. If a user is added in your HRIS system, they will automatically sync and appear in 7Geese. A user cannot be added first in 7Geese.

Updating Existing User Information

  • Normal Syncing: Pre-existing 7Geese users will only be updated if they exist as an employee in your HRIS system. If they do, your HRIS system will now manage the employee data and the user's information can only be edited via your HRIS system. If they do not exist in your HRIS system, the user remains editable in 7Geese.
  • 1-to-1 Syncing: Pre-existing 7Geese users will only be updated if they exist in your HRIS system. Your HRIS system will now manage the employee data and the user's information can only be edited via your HRIS system. If they do not exist in your HRIS system, the user in 7Geese will be deactivated unless they are added to your HRIS system.

Department Data

Adding New Departments

With the integration enabled, across both syncing types you can add departments both in 7Geese and your HRIS system.

If a department is added first to your HRIS system, it will automatically sync and appear in 7Geese.
If a department is added first in 7Geese, it will be managed only in 7Geese and will not appear in your HRIS system.

Editing Existing Departments

Pre-existing 7Geese departments will only be updated if they exist in your HRIS system. Your HRIS system will now manage department data. Information can only be edited via your HRIS system for these departments.

If a new department is added in 7Geese, it can be edited in 7Geese only and will not populate into your HRIS system.


Optionally Syncing Fields

If you want to only sync certain fields from your HRIS system into 7Geese, you can accomplish this by picking the fields you want to be synced in the Choose Fields to Sync section of your integration.

The options available for each field are:

  • Don't sync field
    - Steps: Uncheck the checkbox beside the field you don't want to sync.
    - Description: The field will not be synced from your HRIS system. The current value of the field will be maintained in 7Geese.
  • Always sync field (default)
    - Steps: Check the checkbox beside the field name and pick Always use HRIS value from the dropdown.
    - Description: Syncing will always override any value in 7Geese with the value in your HRIS system.
  • Don't override 7Geese data
    - Steps: Check the checkbox beside the field name and pick Don't overwrite existing 7Geese data from the dropdown.
    - Description: Syncing will only override data in 7Geese from your HRIS system if the current value in 7Geese is blank.

Ignoring Syncing Users

You may not want to sync certain accounts in your HRIS system such as service accounts. You can use the Ignore syncing these users field to prevent these accounts from being synced to 7Geese. You can add multiple email addresses or HRIS IDs separated by commas to this field to prevent multiple users from being synced. To find the HRIS ID of a user in your HRIS system, refer to the documentation of your HRIS system.

 

The behaviour is the same under Normal Syncing and 1-to-1 Syncing:

  • Ignored user exists in 7Geese but not in your HRIS system: The user will remain in their current state in 7Geese. You can still manually manage and use the account. If the user is later added to your HRIS system, it will not be synced with 7Geese.
  • Ignored user exists in your HRIS system but not in 7Geese: The user will not be added to 7Geese.
  • Ignored user exists in 7Geese and your HRIS system: The user will remain in their current state in 7Geese. You can still manually manage and use the account. If the user is later modified in the HRIS system, it will not be synced with 7Geese.


Preparing Your Data

Before setting up the integration, now that you are familiar with sync types, it's important to ensure your data is prepared in your HRIS system.

Here are a few important reminders:


1-to-1 Syncing

Ensure all employees that are currently in 7Geese are added to your HRIS system to avoid user deactivation.

Both Syncing Types

Double check that your employee details (phone numbers, employee IDs, etc.) in your HRIS system are up-to-date. Users being managed by your HRIS system will have their records in 7Geese overwritten.

Check your reporting managers in your HRIS system. What is listed in your HRIS system will be reflected in 7Geese.

Make sure all your domains (@yourcompanyhere.com) are merged into your pre-existing 7Geese network. If this is not the case, contact us and we can set this up.
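A pre-flight check for the reminders above, as an added Python example that is not 7Geese's own code: it models the documented Normal and 1-to-1 behaviour, the three field options and the ignore list, so you can see who would be created, updated or deactivated before enabling the integration. The record layout, field names and function names are assumptions made for this example, and the sample users are constructed.

```python
"""Model of the documented sync rules (added example, not 7Geese code)."""

# The three per-field options from "Optionally Syncing Fields".
ALWAYS = "always_use_hris"          # Always sync field (default)
KEEP_EXISTING = "keep_existing"     # Don't override 7Geese data
SKIP = "dont_sync"                  # Don't sync field


def merge_field(option, current, hris_value):
    """Return the value a field would hold in 7Geese after a sync."""
    if option == SKIP:
        return current
    if option == KEEP_EXISTING and current not in (None, ""):
        return current              # only blank values are filled in
    return hris_value


def plan_sync(sync_type, app_users, hris_users, field_options, ignored=()):
    """Predict the effect of one sync.

    app_users / hris_users map an email address to a dict of fields
    (assumed layout); HRIS records may carry an "hris_id".
    ignored holds email addresses or HRIS IDs, as in the ignore field.
    """
    if sync_type not in ("normal", "one_to_one"):
        raise ValueError("sync_type must be 'normal' or 'one_to_one'")
    ignored_set = {str(i).strip().lower() for i in ignored if str(i).strip()}
    app = {e.lower(): r for e, r in app_users.items()}
    hris = {e.lower(): r for e, r in hris_users.items()}
    plan = {"create": [], "update": {}, "deactivate": [], "untouched": []}

    for email in sorted(set(app) | set(hris)):
        in_app, in_hris = email in app, email in hris
        ids = {str(r.get("hris_id", "")).lower()
               for r in (app.get(email), hris.get(email)) if r}
        if email in ignored_set or ids & ignored_set:
            # Ignored users are never added, changed or deactivated.
            if in_app:
                plan["untouched"].append(email)
            continue
        if in_hris and not in_app:
            plan["create"].append(email)
        elif in_hris and in_app:
            changes = {}
            for name, option in field_options.items():
                old = app[email].get(name)
                new = merge_field(option, old, hris[email].get(name))
                if new != old:
                    changes[name] = (old, new)
            if changes:
                plan["update"][email] = changes
            else:
                plan["untouched"].append(email)
        elif sync_type == "one_to_one":
            # In 7Geese but missing from the HRIS: deactivated under 1-to-1.
            plan["deactivate"].append(email)
        else:
            plan["untouched"].append(email)
    return plan


# Constructed sample data for illustration only.
APP_USERS = {
    "ana@example.com": {"job_title": "Engineer", "phone": ""},
    "contractor@example.com": {"job_title": "Contractor", "phone": "555-0100"},
    "svc-reports@example.com": {"job_title": "Service account", "phone": ""},
}
HRIS_USERS = {
    "ana@example.com": {"hris_id": "1001", "job_title": "Senior Engineer",
                        "phone": "555-0101"},
    "new.hire@example.com": {"hris_id": "1002", "job_title": "Analyst",
                             "phone": "555-0102"},
    "svc-hris@example.com": {"hris_id": "9000", "job_title": "Integration",
                             "phone": ""},
}
FIELD_OPTIONS = {"job_title": ALWAYS, "phone": KEEP_EXISTING}
IGNORED = ["svc-reports@example.com", "9000"]

if __name__ == "__main__":
    for sync_type in ("normal", "one_to_one"):
        print(sync_type, plan_sync(sync_type, APP_USERS, HRIS_USERS,
                                   FIELD_OPTIONS, IGNORED))
```

Anyone listed under "deactivate" for the 1-to-1 plan needs to be added to the HRIS system or to the ignore list before the integration is enabled.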

 

BambooHR

Integration Overview

This guide is an overview of information related to getting your 7Geese network ready using the BambooHR HRIS. It will cover

  1. How to setup the integration (finding your API key in BambooHR) 

BambooHR: Finding Your API Key

Once you've readied your data you are ready to begin setting up the integration. 

In BambooHR, you will need to get the following information:

  1. Your company name 

    This needs to be the same that's listed in your 7Geese network. 

    Head to your account settings in BambooHR to cross-reference your company name.


  2. An API key

    To obtain an API key in BambooHR, select your profile icon on the navigation menu.

    If you have no API keys generated, select 'Add a New Key' on the right side.

BambooHR: Configuring BambooHR in 7Geese

Once you've collected these two pieces of data, head over to the Integrations page in 7Geese via Organization Settings. Here you can get started configuring BambooHR.

 

Once you're ready to configure, put the company name and API keys in their respective places, select the type of syncing you'd like and click verify.

Replace First Names With Nicknames

If your team prefers to use their nickname instead of legal first name, simply check off the option before verifying and if there is a nickname in BambooHR, 7Geese will automatically replace the first name! If no nickname is provided in BambooHR, a user's first name will remain the default first name listed in BambooHR. 

User Import Verification

After you've clicked Verify Settings, you will be prompted to ensure that everything is correct before turning on the integration. Scan through the information and simply select 'Enable this integration.'

At any time if you need to you can disable the integration, keeping the information stored in 7Geese that's been pulled from BambooHR. 

HRIS Webhook Sync

This guide is an overview of information related to syncing users to your 7Geese network using Webhooks. Webhooks provide an alternative to syncing user data when that data might not be available over the internet. Setting up an HRIS Webhook Integration requires technical work on your end to send data from your HRIS system to 7Geese. It will cover

  1. Creating a webhook
  2. Testing your webhook
  3. Enabling your webhook

HRIS Webhook Sync: Creating a Webhook

In the integrations section of 7Geese, click Configure next to "HRIS Webhook".

After picking your Sync Type and configuring which fields you want to sync, click the Create Webhook button.

You should be provided with an API Key and a Webhook Endpoint. Make a note of these values as you will need them to send data to 7Geese.

HRIS Webhook Sync: Testing your Webhook

When you first create a new HRIS Webhook, it is created in Test Mode.

Understanding Test Mode

Test mode allows you to send data to your Webhook Endpoint without it affecting any of your data in 7Geese. You can run a simulation with the data you submitted to see how a particular webhook request would have affected users in your network. You can view all the requests you have made to your Webhook Endpoint and run simulations from the HRIS Webhooks Logs page: https://app.7geese.com/admin/hriswebhook/logs/

Sending Data to 7Geese

To send data to 7Geese, you have to POST JSON data to your Webhook Endpoint and send your API Key in the X-HRIS-AUTHENTICATION header of the request.

The data you send to 7Geese needs to be structured in a specific way. This JSON schema describes how to structure your data before sending it to 7Geese.

Note that not all fields are required. Here is a complete example of data structured in the correct way. 

Here is an example of sending valid data to your Webhook endpoint using cURL.
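The request described above, built in Python as an added example that is not 7Geese's own code: it sets the X-HRIS-AUTHENTICATION header, refuses a non-HTTPS endpoint, and produces a log line that leaves out the API key. The endpoint URL, the environment variable name and the payload are placeholders; a real payload must follow the JSON schema mentioned above.

```python
"""Added example: build the HRIS webhook POST (not 7Geese code)."""
import json
import os
import urllib.request
from urllib.parse import urlsplit

AUTH_HEADER = "X-HRIS-AUTHENTICATION"   # header name given on this page
KEY_ENV_VAR = "HRIS_WEBHOOK_API_KEY"    # assumption: name chosen for this example


def build_webhook_request(endpoint, api_key, payload):
    """Return a ready-to-send POST request for the Webhook Endpoint."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.netloc:
        # The API key and employee data must not travel in clear text.
        raise ValueError("webhook endpoint must be an https:// URL")
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key is empty or has stray whitespace")
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    return urllib.request.Request(
        endpoint,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", AUTH_HEADER: api_key},
    )


def describe(req):
    """Log-safe summary: no API key and no employee data."""
    return (f"{req.get_method()} {req.full_url} "
            f"({len(req.data)} bytes, {AUTH_HEADER}: <redacted>)")


def send(req, timeout=10):
    """Send the request; urllib raises HTTPError on a 4xx/5xx response."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed placeholders: substitute the Webhook Endpoint shown on the
    # integration page and a payload that follows the 7Geese JSON schema.
    endpoint = "https://hris-webhook.example.invalid/endpoint"
    api_key = os.environ.get(KEY_ENV_VAR, "constructed-demo-key")
    request = build_webhook_request(endpoint, api_key, {"placeholder": True})
    print(describe(request))            # send(request) is left to the caller
```

While the webhook is in Test Mode, each request sent this way can be reviewed and simulated from the HRIS Webhooks Logs page before the webhook is enabled.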

HRIS Webhook Sync: Enabling your Webhook

After enabling your webhook, any data sent to your Webhook Endpoint will be actively synced with 7Geese. To enable your Webhook, check the Enable webhook checkbox and click the Save Settings button on the integration page. 

At any time you can disable or update your webhook. Updating puts the webhook back in Test Mode. You should test your integration again after modifying it before activating the webhook again.

G Suite

This guide is an overview of information related to getting your 7Geese network ready using the user directory in G Suite. It will cover

  1. Enabling API access to your G Suite account 
  2. Setting up SSO exclusively through Google accounts (optional)

G Suite: Enabling API access

7Geese needs API access to your G Suite account in order to setup the sync integration. To enable API access, follow these steps from the G Suite documentation: https://support.google.com/a/answer/60757?hl=en 

G Suite: Setting up SSO exclusively through Google accounts (optional)

If you want to restrict logging in to 7Geese to Google accounts, you can use the Only allow login via Google option. When this option is enabled, users in your network cannot use the password they may have set in 7Geese to log in.

G Suite: Configuring G Suite in 7Geese

Once you are ready, click Verify Settings. This will prompt you to log into your G Suite account. The G Suite account you choose to associate with this integration must have access to the G Suite user directory. Once logged in, you will be redirected to 7Geese and shown a verification dialog summarizing the effect the first sync will have on your 7Geese network. If you are happy with the summary, save the changes to enable the integration.

Workday

This guide is an overview of information related to getting your 7Geese network ready to use the Workday HRIS integration. It will cover

  1. Creating an integration system user in Workday
  2. Creating custom reports in Workday
  3. Configuring Workday in 7Geese

Workday: Creating Integration System User

You will need to create a user that has permissions to read the reports that you will create in the next step. Detailed instructions can be found in Appendix A of the Workday Integration Document.

Workday: Creating Custom Reports

Before you can create the custom reports, you will need to create 2 calculated fields. Detailed instructions can be found in Appendix B of the Workday Integration Document.

7Geese will require 3 custom reports:

  1. 7Geese worker sync integration report
  2. 7Geese worker photo sync report
  3. 7Geese photo changes report

Detailed instructions can be found in Appendix C, D and E of the Workday Integration Document respectively.

Workday: Configuring Workday in 7Geese

Once you have created the Workday integration system user and created the 3 custom reports, you are ready to configure the Workday integration in 7Geese.

Enter the username and password of the integration system user in their respective places. Enter the URL of the 7Geese worker sync integration report in the Employee Report URL field, the URL of the 7Geese worker photo sync report in the Employee Photo URL field and the URL of the 7Geese photo change report in the Employee Changed Photo URL field.

Invite but do not Activate New Users

This option is available if you prefer new users explicitly activate their accounts before using 7Geese. This is a useful option if the use of 7Geese is optional within your organization and you require employees to activate their 7Geese accounts before they start receiving notifications.

Zenefits

This guide is an overview of information related to getting your 7Geese network ready using the user directory in Zenefits. It will cover

  1. Enabling the Zenefits integration in 7Geese
  2. Using preferred name instead of first name (optional)

Zenefits: Configuring Zenefits in 7Geese

To enable the integration, click Verify Settings. This will prompt you to log into your Zenefits account. Once logged in, you will be redirected to 7Geese and shown a verification dialog summarizing the effect the first sync will have on your 7Geese network. If you are happy with the summary, save the changes to enable the integration. The integration will sync your Zenefits directory every hour.

Zenefits: Using Preferred Name Instead of First Name

If you wish to sync a user's preferred name in Zenefits as their first name in 7Geese, you can check the Set employees' first name to their preferred name (if available) option. This will use an employee's preferred name if it is available.

Flowdock

Get notified in Flowdock when new objectives are checked-in to and/or when new recognition is given. This walkthrough is based on setting up a link to Flowdock when new recognitions are received in 7Geese, but the same steps can be followed for setting up objective check-in zaps.

You also have to accept the invitation to our Zapier integration: access the invitation here. 

Creating a Zap: setup specifications

Choose a trigger: In the first section select 7Geese and Flowdock as the second option. This ordering is important as it means when an action occurs in 7Geese a secondary action will result in Flowdock.

Select Accounts: Choose your 7Geese and Flowdock account that you will be using.

Setting up an account: You’ll need to get your API keys from your account settings in Flowdock. You can setup the Flow API token to have the zap you’re going to create for recognition or check-ins appear in a specific inbox or chat area.

Adding Filters: Use filters only if you want to post specific Recognitions to Flowdock. For example, you may only want certain badges to appear in Flowdock versus every single badge recognition.

Match up Recognition in 7Geese to Flowdock messaging

  • Source: 7Geese
    (This is where the recognition is coming from)

  • From address: {{5025177__sender__user__email}}
    (The person giving the recognition’s email address AKA the “sender user email”)

  • Subject: {{5025177__badge__name}} Recognition for {{5025177__recipient__user__first_name}}
    (This will be the subject on Flowdock, so we recommend using your badge name with some customized text and to whom the recognition is being given.)

  • Content: Enter customized texts using the "insert fields" options and format the details to customize the way the new Flowdock message will appear. 

    Here's sample setup text that we recommend:


{{5025177__sender__user__first_name}} recognized {{5025177__recipient__user__first_name}} for {{5025177__badge__name}}! Here's what they were recognized for: {{5025177__message}}. Like or comment on the recognition here: {{5025177__url}}

This is what the message will look like in Flowdock:

If you’ve established a specific Flow API, here’s an example of a check-in appearing in the chat messages section:

(The content was customized to have the objective owner’s name, objective name, and progress displayed.)

Test Your Zap: Finally, test to see if the Zap works, and then turn the Zap on.

Name the Zap and set it live!

Zapier Actions

Trigger App --> 7Geese

To get started, accept the invitation to our Zapier integration: access the invitation here. Once you've accepted the invite you can continue to create a Zap from your dashboard using the make a new Zap button.

After starting a new Zap, select the first product you'd like to connect. This will be the product you'd like to take data from to input into 7Geese in a check-in or post.

As you setup each application you'll be prompted to select the action you'd like to push into 7Geese. Below is an example with Trello where you can choose to push activity related to various actions, such as creating a new board. When connecting to 7Geese you can choose to have it push data as a post, or a check-in.

Once you've connected both accounts (from the app you're connecting, as well as 7Geese) you'll be prompted to test the connection to ensure that you have the right data in both applications to ensure your Zap will work properly. 

You'll then be prompted to define how you'd like the data to be put into 7Geese. This includes selecting which Objective you'd like to post to as well as crafting your check-in message.

Once you've setup your custom message and linked your Objective, you can test the integration before turning it live. Check the main feed in your 7Geese account to make sure that everything is setup as you'd like, then turn the Zap live!

Here's what the feed item will look like in 7Geese. It'll be custom to the message you created in your Zap, posting a text update. There won't be any increase in your key results.

A Few Things to Note!

  • A new Zap has to be setup for each Objective you'd like to connect, following the same steps above.
  • Different applications may have different restrictions that require you to have administrative permissions to setup. Unfortunately, 7Geese cannot grant special access if the restriction is with a third-party application.
  • Zapier actions cannot update specific key results; they can only post to your objective or check in with a text update.

Have an interesting workflow that you've used Zapier to setup? Let us know at support@7geese.com, we'd love to hear from you. 

7Geese --> Action App

Using Zapier you can setup the following data feed into a third party application:

  • Check-in message and progress updates
  • Recognitions given
  • New objective creation

To get started, accept the invitation to our Zapier integration: access the invitation here. Once you've accepted the invite you can continue to create a Zap from your dashboard using the make a new Zap button.

 

Set the trigger app to 7Geese, select what type of activity you'd like to push, and connect your account. You can then select the app you'd like to push your check-in, recognition, or objective creation to. 

For example, you may want to have check-ins feed into your Trello board related to Objectives, creating a comment. You can customize how you'd like the comment to appear using Zapier's message builder.

Once you've setup your custom message, you can test the integration before turning it live. Check the main feed in your action application to make sure that everything is setup as you'd like, then turn the Zap live!

 

Browser Extensions

The 7Geese platform can integrate with Google Chrome or Safari as an extension. (For free!)

You can easily access our extensions in-app through our extended features option via the navigation bar. If you're not yet logged in, see how to access each browser's extension below. 

Chrome Extension

7Geese extension for Google Chrome™ is composed of two main features. First, users can see their objectives and check-in to them. They can also directly recognize their team members in just a few clicks.

To get the chrome extension begin by searching the Chrome web store

All you have to do is add it to chrome and it'll automatically appear in your navigation bar as enabled. You can always alter your extension preferences through Chrome settings. 

Safari Extension

7Geese extension for Safari is composed of two main features. First, users can see their objectives and check-in to them. They can also directly recognize their team members in just a few clicks.

To get the Safari extension begin by searching the Safari Extension Gallery. Alternatively, you can access Safari extensions in-browser through preferences. 

Once installed, you will be prompted to log in if you have not yet logged in to 7Geese. You can always disable the 7Geese extension or edit your Gmail extension settings via preferences.

Gmail Extension

With both extensions you can enable the Gmail extension; this will enable a side menu that displays your team members' objectives. You can also recognize them! You have to be viewing an email from someone that is using 7Geese in your team. 

Mobile Access

The 7Geese platform can go mobile for Android or iOS. (For free!)

You can easily access links to our mobile apps in-app through our extended features option via the navigation bar. 

Android: Play Store

iOS: App Store

Mobile App Capabilities

Once installed, you will be prompted to log in. Once signed in, you're automatically sent to the feed, which is similar to the feed in your online experience. Below is a photo of the objectives view. With the objectives tab you are able to review the progress of each level of objective, check in to your objective, view aligned objectives, and further analyze objective statuses.

Single Sign-On SAML 2.0

Note: You will need administrator permissions to access the 7Geese SSO integration section.

Add extra security through single-sign-on using a SAML 2.0 provider. 7Geese will support SSO with any platform that supports SAML 2.0. Get started setting up SSO through Organization Settings > Integrations. 

Select the SAML 2.0 configure section within organization settings.

To set up your integration, fill in the required fields and save. Be sure that all emails in 7Geese match those which are in your SSO provider. If the email that's associated with the SSO provider is different, users may not be able to access their 7Geese account.

Once SAML is set up, users will no longer be able to sign in using their email/password combination and will need to follow the SSO login option when signing in.

To add new team members after your SAML provider is set up for single-sign-on, invite the new team member from 7Geese. They'll be prompted to set up a password, after which they'll be redirected to the login page. From here, they'll be able to select the SAML login option.

If you are a single sign-on provider and would like to have your service featured on our support center please contact us at support@7geese.com.

Bitium

Get started by logging in through your Bitium account and searching in the app directory for 7Geese. Once found, select 7Geese and click Done on the top right of the screen.

You'll be prompted to configure the 7Geese app with your credentials. If you don't already have the Bitium browser extension installed, you'll be prompted through a one-click install to add the extension to your browser. 

If you already have the extension installed or once it's finished installing, you'll be prompted to log in to your 7Geese account. 

Once you've entered your login credentials, head to Manage Apps on the navigation menu in Bitium.

 

Click on the 7Geese app, head to the Single-Sign-On option and select SAML authentication from the drop down menu. 

At this stage, you'll have to open the 7Geese platform and navigate to Organization Settings > Integrations > Configure SAML.

The table below maps out where the corresponding information should be copied to and from Bitium and 7Geese. 

Bitium               7Geese
Entity ID            Issuer URL
Metadata URL         Metadata URL
Login URL            SSO URL
Logout URL           SLO URL
X.509 Certificate    X.509 Certificate Details

After you've saved your settings, copy over the Issuer URL from 7Geese into the Entity ID field in Bitium along with the SSO Service URL from 7Geese into the ACS URL field in Bitium. 

Be sure to save your settings in both Bitium and 7Geese, then use the test login functionality in 7Geese before enabling.

Your team will now have to log in using the SAML provider option on 7Geese or using the 7Geese shortcut from the Bitium extension. 

Adding new team members

To add new team members after Bitium is set up for single sign-on, invite the new team member from 7Geese. They'll be prompted to set up a password, after which they'll be redirected to the login page. From here, they'll be able to select the SAML login option.

OneLogin

The 7Geese+OneLogin integration has a total of 2 configuration steps, a testing phase, and the final enabling step. Please be sure to read through the entire tutorial before beginning the integration to ensure configuration success.

  1. After logging into your OneLogin account, navigate to the top options menu and select Apps > Add Apps to begin the 7Geese Integration.

  2. In the search bar type in the following text: SAML Test Connector (IdP w/ attr w/ sign response).

  3. As an optional step, you can configure the display name and icon. Our logo and favicons are uploaded to this article. You can download them from the right-side menu.

Be sure to click save to create the new app integration.

Integration Setup

At this point in the application integration, you should open the 7Geese platform in a separate tab and work with the two web pages simultaneously. 

After saving the new SAML Test app, head to the SSO tab to get access to the app configurations.


Under the "SSO" tab, you will need to copy the following information into the administrative settings in 7Geese.

  • Issuer URL
  • SAML 2.0 Endpoint (HTTP)
  • SLO Endpoint (HTTP)
  • X.509 Certificate details 

Enter the data you gathered in the previous section into the form, copying directly from the SSO tab in OneLogin.

Here's a guide of what information from OneLogin goes into the 7Geese integration fields:

OneLogin --> 7Geese Integration Fields

 

OneLogin                    7Geese
Issuer URL                  Issuer URL
Issuer URL                  Metadata URL
SAML 2.0 Endpoint (HTTP)    SSO URL
SLO Endpoint (HTTP)         SLO URL
X.509 Certificate           X.509 Certificate Details


Go to SSO within OneLogin to access this information.

  • Step 1: Copy over the Issuer URL from OneLogin into the Issuer field on 7Geese
  • Step 2: Copy the same Issuer URL into the Metadata URL field on 7Geese
  • Step 3: Copy the SAML 2.0 Endpoint (HTTP) URL into the SSO URL field on 7Geese
  • Step 4: Copy the SLO Endpoint (HTTP) URL into the SLO URL field on 7Geese
  • Step 5: Copy the X.509 Certificate (Copy the certificate details from the View Details tab under the SSO section) into the X.509 Certificate field on 7Geese 

The page should show you your newly created SAML endpoints and indicate that the integration is still disabled. It is important that you do not activate your SAML integration just yet, as there is one final step in OneLogin.

OneLogin Configuration & Parameters

Once you have the 7Geese SAML integration set up, you have to manage the configurations and parameters for the integration in OneLogin. To add the information from the 7Geese platform back to OneLogin, head to the Configuration tab in OneLogin.

You need to paste the following information: 

7Geese                                          OneLogin
Audience                                        Audience
SSO Service URL (Assertion Consumer Service)    Recipient
SSO Service URL (Assertion Consumer Service)    Consumer URL
SLO Service URL (Single Log-Out)                Single Logout URL


Parameters 

Next, head to the Parameters tab to set up the configuration for first name, last name, and position. Add new parameters called first_name and last_name and click "Include SAML assertion" for each parameter.

The position field is optional.

For each field, once it is set up, you have to go back into the parameter and map it to its corresponding value.

Below is a screenshot including the two-step process for first_name

Be sure to save the app configurations and new parameters. 

Testing The Integration

  1. You should now be ready to test the integration.

  2. You can test the integration directly through the integrations tab under organization settings where you originally setup the OneLogin SAML parameters.

    You will want to utilize the Assertion Consumer Service, or SSO Service URL: https://www.7geese.com/saml2/acs/dc4f2022ee8a45b69256098bb7d28ffa/ 

  3. Once tested, click Enable to sync OneLogin to 7Geese.

Adding new team members

To add new team members after OneLogin is set up for single sign-on, invite the new team member from 7Geese. They'll be prompted to set up a password, after which they'll be redirected to the login page. From here, they'll be able to select the SAML login option.

Okta

Getting Started

  1. After logging into your Okta account, navigate to the top options menu and select Admin > Applications to begin the 7Geese Integration.
  2. After selecting the Applications tab, continue to Add Application. Type in the following to begin the 7Geese+Okta setup:  Template SAML 2.0 App
  3. Be sure to select Add to move forward.

After adding the SAML template, you will need to modify several fields in the list to match the following table

Template Title          Corresponding Field
Application Label       7Geese
Post Back URL           https://app.7geese.com
Recipient               https://app.7geese.com
Audience Restriction    https://app.7geese.com
Destination             https://app.7geese.com
Default Relay State     /
Attribute Statements    first_name|${user.firstName},last_name|${user.lastName}

Please see the video walkthrough to know where to input the corresponding text into the Okta app.

PLEASE NOTE THAT IN THE VIDEO IT WILL INDICATE WWW.7GEESE.COM - THIS MUST BE UPDATED TO APP.7GEESE.COM TO FUNCTION. 

After copying each corresponding text in their fields, move forward with the integration by selecting Next.

At this stage of the integration, you need to assign the Okta application to your team members. You will set the username structure, which is typically the e-mail address of your colleagues, but you can use any text-related username structure. When completed, click Done for Okta to assign the usernames.

Configuring Okta

  1. After setting up the usernames for your team members, you can now begin to link 7Geese to the Okta login application. To get started, click on the Sign On tab, scroll down and click on the View Setup Instructions button.
  2. You will need to make note of the following information under the Configuration Data section as they will transfer over to the SAML setup in 7Geese:
  • The External Key
  • The Public Certificate (NOTE: You will have to download the certificate and open it in a text editor program)
  • Redirect Login URL
  • IDP Metadata URL (copy the URL for the "Public Link")

Setting Up 7Geese

Begin by accessing Organization Settings in your 7Geese account or go to the following URL: https://app.7geese.com/admin/saml/

Enter the parameters from Okta into the corresponding 7Geese fields outlined in the table below:

Okta                                          7Geese
External Key                                  Issuer URL
IDP Metadata URL (Listed as [Public Link])    Metadata URL
Redirect Login URL                            SSO URL
Public Certificate (VIA Download)             X.509 Certificate

After all data points are entered the page should show you your newly created SAML endpoints that you can then use to finish configuring Okta. These data points are listed at the bottom below the inputted Okta fields. It is important that you do not activate your SAML integration just yet, as there is one final step in Okta.

Finish Setup

  1. You must now go back and edit your previously created 7Geese application information in Okta.
  2. To review the configuration data, click on the General tab and select Edit under App Settings.
  3. Replace the fields you entered at the beginning of the integration with the following values gathered from 7Geese:

7Geese             Okta
SSO Service URL    Post Back URL
SSO Service URL    Recipient
Issuer URL         Audience Restriction
SSO Service URL    Destination

Testing The Integration

  1. You should now be ready to test the integration.
  2. You can test the integration directly through the integrations tab under organization settings where you originally setup the Okta SAML parameters. You will want to utilize the Assertion Consumer Service, or SSO Service URL: https://app.7geese.com/saml2/acs/dc4f2022ee8a45b69256098bb7d28ffa/
  3. Once tested, click Enable to sync Okta to 7Geese. 
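A configuration check for the test login, as an added example (not 7Geese or Okta code): it decodes a SAMLResponse captured from the browser's POST to the SSO Service URL and reports fields that still differ from the values in the Finish Setup table and the required attribute statements. The function names and the sp.example URLs are constructed placeholders, the sample response is constructed and unsigned, and the check does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}


def check_saml_response(b64_response, sso_service_url, audience):
    """List mismatches between a SAMLResponse and the values shown by 7Geese.

    Diagnostic only: no signature is verified, so never use the result to
    decide whether a login is authentic.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []

    def expect(label, actual):
        if actual != sso_service_url:
            problems.append(f"{label}: got {actual!r}, expected {sso_service_url!r}")

    expect("Destination", root.get("Destination"))
    scd = root.find(".//a:SubjectConfirmationData", NS)
    expect("Recipient", scd.get("Recipient") if scd is not None else None)
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if audience not in audiences:
        problems.append(f"Audience: got {audiences!r}, expected {audience!r}")
    sent = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    for required in ("first_name", "last_name"):  # position is optional
        if required not in sent:
            problems.append(f"missing attribute {required}")
    return problems


def sample_response(destination, recipient, audience, attrs):
    """Constructed, unsigned SAMLResponse used only for this demonstration."""
    attr_xml = "".join(f'<a:Attribute Name="{n}"/>' for n in attrs)
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" '
           f'Destination="{destination}"><a:Assertion><a:Subject>'
           f'<a:SubjectConfirmation><a:SubjectConfirmationData '
           f'Recipient="{recipient}"/></a:SubjectConfirmation></a:Subject>'
           f'<a:Conditions><a:AudienceRestriction><a:Audience>{audience}'
           f'</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement>'
           f'</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Placeholders: use the SSO Service URL and Issuer URL shown by 7Geese.
    acs, aud = "https://sp.example/saml2/acs/", "https://sp.example/saml2/metadata/"
    # Okta template values from before "Finish Setup", and no last_name mapping.
    stale = sample_response("https://app.7geese.com", "https://app.7geese.com",
                            "https://app.7geese.com", ["first_name"])
    for line in check_saml_response(stale, acs, aud):
        print(line)
```

An empty result means Destination, Recipient, Audience and the two required attributes match what 7Geese expects; it says nothing about whether the certificate pasted into 7Geese is the one the provider signs with.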

Adding new team members

To add new team members after Okta is set up for single sign-on, invite the new team member from 7Geese. They'll be prompted to set up a password, after which they'll be redirected to the login page. From here, they'll be able to select the SAML login option.

SAML 2.0 with Microsoft AD FS

This section outlines the specific steps needed to set up SAML 2.0 SSO with Microsoft Active Directory Federation Service (AD FS) 2.0.

Note: We officially only support Microsoft AD FS 2.0. It should be possible to use AD FS 3.0 (also known as ADFS 2012 R2) using instructions outlined here.

Important: These instructions apply to SSO only; you'll still need to manually provision and deprovision accounts in 7Geese.

Obtain your Federation URL

You should be able to obtain your Federation URL from the Certificates section of ADFS 2.0 by looking for the CN name. If you are unsure, please ask your system administrator.

Obtain your Certificate

Under Token-signing, right-click on CN=ADFS and click View certificate...

From the Details tab, ensure Show is set to All. Click Copy to File...

You'll then be taken to the Certificate Export Wizard. Click Next.

From Export File Format, under Select the format you want to use, select Base-64 encoded X.509 (.CER)

You will need to convert your certificate from DER to PEM. You can use this online tool: https://www.sslshopper.com/ssl-converter.html

Setup 7Geese

You can set up a new SAML connection by adding a new SAML integration from the integrations section in your organizational settings: https://app.7geese.com/admin/integrations/

Fill out the following fields for the SAML integration with the corresponding values. Replace adfs.7geese.com with your own AD FS domain that you found in step 1.

Field Name           Value
ISSUER               https://adfs.7geese.com/adfs/service/trust or http://adfs.7geese.com/adfs/service/trust depending on your setup
METADATA URL         https://adfs.7geese.com/adfs/ls
SSO URL              https://adfs.7geese.com/adfs/ls
SLO URL              https://adfs.7geese.com/adfs/ls/?wa=wsignout2.0
X.509 Certificate    Copy the certificate you obtained in the previous step and open it in a text editor. Copy the value and paste it into this field.

Once you are done, click Save settings.

You should now see a SAML Config area on the page. Make a note of all the fields on this page. We will use it in the next steps.

Configure Microsoft AD FS 2.0

In the AD FS 2.0 Console, under Actions, select Add Relying Party Trust....

Press Start.

Choose Import data about the relying party published online or on a local network. Paste the Issuer URL that you noted down earlier from the SAML Config section. Click Next.

Choose a display name. You can leave it the default or type in a more descriptive name. Click Next.

Pick I do not want to configure multi-factor authentication settings for this relying party trust at this time and click Next.

Pick Permit All users to access the relying party and click Next.

Click Next for the Ready to Add Trust section and then Finish.

Right click the new Relying Party Trusts and choose Edit Claim Rules. Click Add Rule.

For the Claim rule template pick Send LDAP Attributes as Claims. Click Next.

Pick a name for the claim rule such as LDAP Claim. In the drop down for Attribute Store choose Active Directory. Choose E-mail-Addresses on the left dropdown under LDAP Attribute column and choose E-mail Address under the Outgoing Claim Type. Then click Finish.

Add a new rule and choose Transform an Incoming Claim for the Claim rule template. Click Next.

Pick a rule name like email address to nameid. Pick E-mail Address for Incoming claim type. Pick Name ID for Outgoing claim type. For Outgoing name ID format choose Email. Keep pass through all claim values checked and click Finish.

Right click relying party trust that we created and choose Properties. Click advanced and make sure the selected Secure hash algorithm is SHA-1. Click Ok to save your settings.

Final Steps

You're all done. The integration should be set up successfully. Use the test link provided in 7Geese to test the integration before you activate it.

RESTful APIs

Our platform consists of a set of RESTful APIs that allow you to quickly and easily integrate 7Geese with your applications.

Registering a new Application With 7Geese

Before you get started, you'll have to register a new application. To register a new application, go to https://app.7geese.com/account/applications/.

You will need the following information:

  1. Name: The name of your application
  2. Authorization Grant Type: The method you want to allow to obtain an access token (https://tools.ietf.org/html/rfc6749#section-1.3)
  3. Redirect URIs: Where 7Geese will redirect to after the authentication flow is complete. You may have multiple URIs separated by spaces.

Implement OAuth2 Workflow and Obtain Access Token

You can use the OAuth 2 flow to obtain an access token for secure access to the 7Geese API. The OAuth 2 flow consists of the user authenticating with their 7Geese credentials. Next, the user authorizes your app to connect to their 7Geese account. The end result is a token your app can use to interact with 7Geese on behalf of the user. This is how you would obtain an access token for an application with a grant type of "Authorization code".

Step 1. Obtain a grant code:

Obtain a code that you can exchange for an access token:

GET https://app.7geese.com/o/authorize/?client_id={client_id}&response_type=code&scope={list_of_scopes}&redirect_uri={redirect_uri}&state={state_string}

Here is an example:

GET https://app.7geese.com/o/authorize/?client_id=0Dn3qHXnFcqrXNqEGNo8O3TlJRjAqivGe4USfnEt&response_type=code&scope=all&redirect_uri=http%3A%2F%2Fwww.example.org%2Foauth2%2Fcallback%2F&state=my_state

If the user has authorized your grant request, 7Geese will redirect the request to the redirect_uri with a code GET parameter:

GET http://example.org/oauth2/callback/?code=12Dsdc32&state=my_state

If the user has denied your grant request, 7Geese will redirect the request to the redirect_uri with an error GET parameter:

GET http://example.org/oauth2/callback/?error=access_denied

Step 2. Obtain your access token:

You can use your code to obtain an access token that you can use to make requests to the 7Geese API:

POST https://app.7geese.com/o/token/?grant_type=authorization_code&client_id={client_id}&code={code}&redirect_uri={redirect_uri}&state={state_string}

Here is an example:

curl https://app.7geese.com/o/token/ -v --data "code=qAsBimvQAoUYTDoWQBewTAYsecj5YX&client_id=0Dn3qHXnFcqrXNqEGNo8O3TlJRjAqivGe4USfnEt&grant_type=authorization_code&state=my_state&redirect_uri=http%3A%2F%2Fwww.example.org%2Foauth2%2Fcallback%2F" -X POST

You should get a response similar to this:

{"access_token": "EFc75gT6x9O6khQJUviz15fiYGXxVG", "expires_in": 36000, "token_type": "Bearer", "state": "my_state", "scope": "all", "refresh_token": "CYiGLkPFqWhtRbfLemRB1J8HsXvrka"}
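The two steps above as client-side code, in an added example that is not 7Geese's own code: it generates an unguessable state for step 1, rejects a callback whose state does not match the one stored for the session, and builds the step 2 form body with the parameters the page lists. The function names and the https://client.example redirect URI are assumptions, and nothing is sent over the network.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://app.7geese.com/o/authorize/"
TOKEN_URL = "https://app.7geese.com/o/token/"


def build_authorize_url(client_id, redirect_uri, scope="all"):
    """Step 1: return (url, state); keep state in the server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to redirect_uri and return the grant code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise PermissionError(f"grant denied: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time compare. A missing or different state means this session
    # did not start the flow (login CSRF), so the code must not be redeemed.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicated code parameter")
    return codes[0]


def build_token_request(code, client_id, redirect_uri, state):
    """Step 2: return (url, form_body) for the POST that redeems the code."""
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value sent in step 1
        "state": state,
    })
    return TOKEN_URL, body


if __name__ == "__main__":
    redirect = "https://client.example/oauth2/callback/"  # assumed, constructed
    url, state = build_authorize_url("constructed-client-id", redirect)
    print(url)
    # Constructed callback, as the browser would deliver it after approval.
    code = parse_callback(f"{redirect}?code=12Dsdc32&state={state}", state)
    print(build_token_request(code, "constructed-client-id", redirect, state))
```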

Obtain an Access Token using your email and password

If you create an application with a grant type of "Resource owner password-based", you can also skip the entire workflow and obtain an access token using your email and password:

curl -X POST -d "grant_type=password&username={email}&password={password}&scope={scope}" https://{client_id}:{client_secret}@app.7geese.com/o/token/

Here is an example:

curl -X POST -d "grant_type=password&username=numan@7geese.com&password=1234password&scope=all" https://bnt5h2lnrn14bEtQmZkixSHW5035cefiXZq5azSi:xSCBVtKHYa0VEkt4KX5tKRCqeM@app.7geese.com/o/token/ 

You should get a response similar to this:

{"access_token": "g6Oud5ujc3kAZTzkwfqxpm9DSiV9gi", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "Iw6OYoESmeB47BB8tkW9kT3vQY9EB6", "scope": "all"} 

Scopes

Currently, the only scope supported is all. In the future, more scopes will be available so you can grant more fine-grained access to the API.

Request an API resource

Once you have an access token from either of the above methods, you can request API endpoints that require authorization by sending a header like this:

Authorization: Bearer {access_token}

Here is an example:

curl -H "Authorization: Bearer g6Oud5ujc3kAZTzkwfqxpm9DSiV9gi" https://app.7geese.com/api/v/2.0/objectives/ 

API Endpoints

A live overview of all available API endpoints can be seen at: https://app.7geese.com/api-docs/


Please contact support@7geese.com for further questions or if you believe something is missing, misrepresented, or outdated. 
