Integrating Workplace into your IT systems sets up your organization for long-term success and security.
Why it's important
Why it's important
A strong Workplace technical integration can make managing accounts, enabling Workplace access and keeping your Workplace secure as seamless as possible. This guide offers a quick overview of the steps needed to integrate Workplace with your IT systems. For a comprehensive step-by-step guide, visit the Technical Set Up Guide.Tactical how to
Tactical how to
Verify your corporate email domain:
Verifying your Workplace domain makes your Workplace account “official” for your entire organization and prevents other people with the same email domain from creating other, separate Workplaces. Domain verification also allows you to:
- Enable Single Sign-On
- Edit personally identifiable information
- Send users notifications prior to their profiles being activated
If you choose not to verify your domain, you also have the option to allow list it. Allow listing your domain allows other people with the same email domain to create separate Workplace accounts. If you choose to allow list your domain you can still verify it at any time.
Learn how to verify or allow list in the Workplace Technical Resources.
Enable user access to Workplace:
- Allow list domains used by the Workplace service. Workplace is built on the same technology that powers Facebook and any domain restrictions to prevent network access to Facebook (and facebook.com) will negatively affect Workplace.
- Work with your email administrator to add the fbworkmail.com domain to a safe senders list in your organization's email client. New users will claim their Workplace accounts through an invitation link sent via email. If you have email-less workers, you can invite them by following these instructions.
Decide on your provisioning strategy for adding and removing users:
Admins can add or remove users from Workplace using the following methods:
- Manually: add new users individually.
- In Bulk: add users in bulk using a spreadsheet.
- Automated: connect Workplace to your Cloud Identity Provider or directly from Active Directory.
Provisioning allows sytem administrators to create profiles for their users in advance before inviting them to Workplace. Workplace administrators and the launch project team can then prepare the community by creating groups and adding members to them. Once everything is ready, admins can invite people to activate their individual profiles. By preparing the community admins can ensure that everyone is set up with relevant groups and content to explore when they log in to Workplace for the first time.
Once a Workplace profile has been provisioned for a member of your community, members will need to be invited to activate their profiles. Once invitations are sent and members activate their profiles, they can then start using Workplace. Until members are invited to use Workplace, they will be unaware they have a provisioned profile. When a profile is in an uninvited state:
- The member cannot activate their profile and any attempts to do so will fail
- The member will not receive any emails or other notifications from Workplace
When you are ready for your members to be made aware that they have a profile to activate, you will invite them to Workplace. Once they are invited, members will receive an email inviting them to activate their profile through a uniquely generated URL. For SSO-enabled accounts, members will also have the option of claiming through logging into Workplace through your configured SSO service.
Employees that don't have company email addresses can be invited to Workplace using access codes. Learn more about email-less account management here.
Visit the Technical Resources for more information on the account lifecycle.
Set your invite preferences:
Choose from the following admin invite settings to control who can join your Workplace:
- Only people who are invited can join: meaning that others can only join if invited by an admin or an active user.
- Anyone from the following email domains can join: meaning anyone from a verified or allow listed domain can join without being invited.
Any user can either add or request to add a new employee depending on your access request settings. Admins can choose from three access request settings to choose how new users are approved to join your Workplace:
- Admins must approve all requests to join this Workplace: Any invite sent by a non-admin must be approved by an administrator.
- Automatically approve requests from these email domains: Choose this option if you want to make your Workplace open to any person with a corporate email address from any of the domains you verified or allow listed.
- Automatically approve all requests: Any new user can join Workplace without admin approval.
Set your authentication method:
Your autehntication method determines how your users will log in to Workplace. You can choose from the following options:
- Ask users to set a secure and unique password.
- Require users to authenticate via Single Sign-on (SSO)*.
*Keep in mind that only verified domains can enable Single Sign-On.
Tips for enabling broad Workplace adoption:
Enlist your IT team's help to drive Workplace adoption with these tips. You can find more strategies for boosting adoption in this guide.
- For managed desktops: use the Workplace Chat MSI to push the Workplace Chat app to all Windows desktops.
- For managed mobile-devices: Use Workplace support AppConfig to distribute the Workplace and Workplace Chat mobile applications through your Enterprise Mobility Management solution.
- Broadcast to your organization through Live Video. An executive going live is a great way to get users to claim their account.
- Announce the launch of Workplace by leveraging available communication channels in your organization to tell users about Workplace. Some ideas:
- Set the default browser homepage to your company's unique Workplace login URL.
- Set employee's desktop background to a custom Workplace announcement.