2. Technical Integration
Integrating Workplace into your IT systems sets your organization up for long-term success and security. The goal is to make it as seamless as possible to manage accounts as people join and leave the organization. Additionally, we want to ensure that people have the best experience with Workplace, regardless of whether they are working from a mobile device or desktop. Direct your IT project lead to our Technical Resources for more in-depth information on our technical integration best practices.
When connecting Workplace to your IT systems you should consider the following:Accessing Workplace
Make sure everyone can access the Workplace website from the corporate network, and also leverage the Workplace and Workplace Chat mobile apps
Receiving emails from Workplace
Ensure people can receive their invitation to join Workplace by ensuring emails from Workplace don't get picked up by any organizational level spam filters
Manage Workplace user membership through a directory or single source of truth for who works at your organization. For most this will be connecting Workplace to an identity provider like Active Directory, however, we also offer the ability to provision & deprovision users via a .csv file
The IT team can help you launch successfully by following a few simple best practices such as setting people's desktop background/screensaver to a Workplace announcement and pre-installing the Workplace desktop and mobile apps on their work devices
Tactical how to
Verifying your Workplace domain makes your Workplace account “official” for your entire organization and prevents other people with the same email domain from creating other, separate Workplaces. Domain verification also allows you to:
- Enable Single Sign-On
- Edit personally identifiable information
- Send users notifications prior to their profiles being activated
If you choose not to verify your domain, you also have the option to allow list it. Allow listing your domain allows other people with the same email domain to create separate Workplace accounts. If you choose to allow list your domain you can still verify it at any time.
Learn how to verify or allow list in the Workplace Technical Resources.
Enable user access to Workplace:
- Allow list domains used by the Workplace service. Workplace is built on the same technology that powers Facebook and any domain restrictions to prevent network access to Facebook (and facebook.com) will negatively affect Workplace.
- Work with your email administrator to add the fbworkmail.com domain to a safe senders list in your organization's email client. New users will claim their Workplace accounts through an invitation link sent via email. If you have email-less workers, you can invite them by following these instructions.
Admins can add or remove users from Workplace using the following methods:
- Manually: add new users individually.
- In Bulk: add users in bulk using a spreadsheet.
- Automated: connect Workplace to your Cloud Identity Provider or directly from Active Directory.
By having a separate status for invited and uninvited members, we allow Workplace administrators to provision members in advance and invite them when ready. Workplace administrators can prepare a community by creating groups and adding members to them. Once everything is prepared, the administrators can invite the members to claim their individual accounts and they will already be a part of relevant groups.Invitation process:
Once a Workplace account has been provisioned for a member of your community, they need to be invited to claim their account. Once they claim their account, they can then start using Workplace. Until members are invited to use Workplace, they will be unaware they have a provisioned account. When an account is in an uninvited state:
- The member cannot claim their account and any attempts to do so will fail
- The member will not receive any emails or other notifications from Workplace
When you are ready for your members to be made aware that they have an account to claim, you will invite them to Workplace. Once they are invited, members will receive an email inviting them to claim their account through a uniquely generated URL. For SSO-enabled accounts, members will also have the option of claiming through logging into Workplace through your configured SSO service.
Employees that don't have company email addresses can be invited to Workplace using access codes. Learn more about email-less account management here.
Visit the Technical Resources for more information on the invitation process.Set your invite preferences:
Choose from the following admin invite settings to control who can join your Workplace:
- Only people who are invited can join: meaning that others can only join if invited by an admin or an active user.
- Anyone from the following email domains can join: meaning anyone from a verified or allow listed domain can join without being invited.
Any user can either add or request to add a new employee depending on your access request settings. Admins can choose from three access request settings to choose how new users are approved to join your Workplace:
- Admins must approve all requests to join this Workplace: Any invite sent by a non-admin must be approved by an administrator.
- Automatically approve requests from these email domains: Choose this option if you want to make your Workplace open to any person with a corporate email address from any of the domains you verified or allow listed.
- Automatically approve all requests: Any new user can join Workplace without admin approval.
How will users log in to Workplace?
- Ask users to set a secure and unique password.
- Require users to authenticate via Single Sign-on (SSO)*.
- For Managed Desktops: use the Workplace Chat MSI to push the Workplace Chat app to all Windows desktops.
- For Managed Mobile-devices: Use Workplace support AppConfig to distribute the Workplace and Workplace Chat mobile applications through your Enterprise Mobility Management solution.
- Broadcast to your organization through Live Video. An executive going live is a great way to get users to claim their account.
- Announce the launch of Workplace by leveraging available communication channels in your organization to tell users about Workplace. Some ideas:
- Set the default browser homepage to your company's unique Workplace login URL.
- Set employee's desktop background to a custom Workplace announcement.
- Whitelist your domains and ports used by Workplace.
- Manage employee accounts.
- Manage users' access to Workplace
- Supercharge Workplace adoption by making Workplace apps easily accessible.