As people join and depart your organization, you need to grant and revoke access to Workplace. This set of guides introduces the concepts of account provisioning and deactivation, and will show you how to integrate with your Active Directory or cloud identity provider to provision accounts for your employees.
To connect the workplace, it's important that employees can find and tag each other when collaborating.
In some enterprise software, employees can create their own accounts at will, as long as they have an approved email domain. This is supported in Workplace but is not recommended.
In Workplace, employee accounts can be searched, discovered and added to groups by their peers and managers, even before they start using their account for the first time. This is only possible if accounts are provisioned in advance.
When employees leave your company, it's crucial that they no longer have access to the content on Workplace.
If you're using Single Sign On, you can prevent access for a specific account when an employee leaves, but this doesn't deactivate the account, and the account holder may still receive email notifications from Workplace. Other employees will continue to be able to find and message that account, with no indication that they've left, which is a poor user experience.
To properly ensure that ex-employees are excluded from seeing your content, Workplace supports and recommends implementing account deactivation.
Workplace only supports instant account deletion for accounts that have never been used, and only via the Account Management API. See Account Management API for instructions on deletion and account deactivation via API.
Active accounts can be instantly deactivated but not deleted, to ensure posts and comments by the account holder remain available for everyone else. To request deletion of an active account, you can contact Workplace Support using the Quick Help menu.
If your company doesn't have an identity management solution in place, the easiest way to add users to Workplace is to create them manually. This can be achieved either one account at a time, or via bulk uploads.
How to provision and deactivate user accounts manually, one at a time.Manual Account Management
How to provision and deactivate user accounts in bulk, using CSV files.Bulk Account Management
Workplace is supported by the leading identity providers (IdPs). If your company uses a supported IdP, you'll find guides in here to configure it for provisioning to Workplace. If your company manages identity with an on-premise solution, you'll be able to use our Account Management API to build a custom integration for provisioning to Workplace.
How to provision and deactivate accounts automatically through one of the supported IdPs, including G Suite (formerly Google Apps For Work), Microsoft Azure AD, Okta, OneLogin and Ping Identity.Automatic Account Management
How to use the SCIM-based Account Management API to provision and deactivate accounts via a custom integration.Account Management API