Account Management



Learn how you can create, update, and deactivate user accounts on Workplace.
Overview

While Workplace allows you to manage accounts manually or in bulk by using a spreadsheet, we recommend that you automate your account management to have better control over your people. With an automated account management tool in place, a user account will be automatically created, updated or deactivated in Workplace when the account is created, updated or deactivated in your organization's user repository.

Workplace has out-of-the-box integrations with the largest Cloud Identity Providers, such as Azure AD, G Suite, Okta, OneLogin and Ping.

You can connect your Cloud Identity Provider by:

If your organization uses a different central user repository, you can use the Account Management SCIM API to create your own custom account management tool.

Connect via Third Party Integration

In this section we cover how to connect Workplace with a Cloud Identity Provider that your organization manages by using a Workplace Third-Party Integration.

Prerequisites

To enable this configuration, the following is required:

  • Your organization uses a Cloud Identity Provider that integrates with Workplace.
  • You have integrated your master identity store (e.g., Microsoft Active Directory or Oracle Directory Server) with the Cloud Identity Provider to synchronize user accounts.
  • A user in Workplace who has a role of System Administrator.
  • Your users' email domains have been verified (recommended) or allow listed in Workplace.

Generate an access token

Before configuring the Workplace application on the Cloud Identity Provider, you'll need to create a custom integration with the permission to manage accounts. Once the custom integration is created, you'll be able to create an access token, which you'll need during the configuration of the Workplace application in the Cloud Identity Provider.

1. Log in with a user who has the role of System Admin.
2. Go to the Admin Panel and navigate to the Integrations section.
3. Click on the Create Custom Integration button.
4. Fill out a name (mandatory) and a description (optional) for the custom integration.
5. Click on the Create button.

You are now taken to the custom integration configuration page, where you can apply Integration Permissions.

1. Scroll to the Integration Permissions section.
2. Enable the permission Manage Accounts.
3. You can enable the setting Automatically invite people to Workplace as soon as they're added using this integration in case you want to immediately invite users when they are created by this integration.

The next step is to create an access token, which will be used to configure the Cloud Identity Provider.

1. Scroll up and click on the Create Access Token button.
2. You'll see a window which will ask you if you're using the access token for in-house development or creating it on behalf of an external developer.
3. A window with an access token will now show up.
4. Click on the Copy button and store the access token in a secure location.
5. Check the I understand checkbox.
6. Click on the Done button.
7. Scroll down to the bottom of the custom integration page.
8. Click on the Save button to save the custom integration.

Configure your Cloud Identity Provider

Given that each Cloud Identity Provider has created their own integration with Workplace, you'll need to follow their documentation in order to complete the provisioning process.

List of supported Cloud Identity Providers

G-Suite
Azure AD
Okta
OneLogin
Ping

After a cloud connector is installed you can enable the setting Automatically invite people to Workplace as soon as they're added using this integration in case you want to immediately invite users when they are created by this integration.

Connect via Workplace Import

This ability to add new users to Workplace via the IDP integration will be temporarily disabled for new users from the 13th August while we make improvements. Customers already using the integration to provision users will not be impacted.

In this section we cover how to connect Workplace with a Cloud Identity Provider that your organization manages by using Workplace Import. Workplace Import supports G Suite and Azure AD.

G Suite Integration

If the users in your organisation are managed using G Suite, then using Workplace Import from G Suite is the right solution to add, update, and disable users in Workplace automatically.

Workplace Import from G Suite does not currently support multi-IdP integration. If your organisation is using multiple G Suite directories today, please consider consolidating into a single directory.

Prerequisites

Configure the G Suite Integration

For a successful setup make sure to follow the steps below:

1. In the Admin Panel, select People.
2. Click + Add People.
3. Click Connect an Identity Provider.
4. Select G Suite. The Set up G Suite as your Identity Provider window opens.
5. Click Connect, and log in using your G Suite admin account.
6. Select from: Add everyone, Add people from different departments, Add people that are part of a specific structure in your organisation (for example, report to the same manager).
7. Configure Invitations. Choose when you want to invite the users: You can send invitations automatically at the end of this configuration process or you can send invitations at a later date independent of this configuration process.
8. Select Create users to create the accounts.

The user profile attributes that will be automatically mapped are the following: email, externalID, firstName, lastName, fullName, manager, jobTitle, department, phoneNumber, location, isActive.

Manage via SCIM API

Manage via Account Management API

If you don't want to use one of the supported Cloud Identity Providers, you can build your own custom automated account management tool. Take a look at our Developer Documentation to see how you can create, update and deactivate users with the Account Management API.
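
The planning step of such a custom tool, as an added example (not Workplace's own code): it compares a directory export with the current Workplace accounts and decides which accounts to create, update or deactivate, matching on externalID. The record field names follow the mapped-attribute list on this page; `plan_sync`, the `max_deactivate_ratio` guard and the sample records are assumptions, and the calls to the Account Management API are left out.

```python
"""Plan create/update/deactivate actions for a custom account sync (illustrative)."""

# Attributes compared for updates; names follow the mapped-attribute list on this page.
SYNCED = ("email", "firstName", "lastName", "jobTitle", "department")


def plan_sync(directory, workplace, max_deactivate_ratio=0.5):
    """Return (action, externalID, changes) tuples that bring Workplace in line
    with the directory. Both inputs are lists of dicts carrying an externalID."""
    src = {u["externalID"]: u for u in directory}
    dst = {u["externalID"]: u for u in workplace}
    plan = []
    for ext_id, user in src.items():
        current = dst.get(ext_id)
        if current is None:
            # Only provision joiners that are active in the source of truth.
            if user.get("isActive", True):
                plan.append(("create", ext_id, {k: user.get(k) for k in SYNCED}))
            continue
        changes = {k: user.get(k) for k in SYNCED if user.get(k) != current.get(k)}
        if user.get("isActive", True) != current.get("isActive", True):
            changes["isActive"] = user.get("isActive", True)
        if changes:
            action = "deactivate" if changes.get("isActive") is False else "update"
            plan.append((action, ext_id, changes))
    # Accounts that vanished from the directory are leavers: deactivate them.
    for ext_id, current in dst.items():
        if ext_id not in src and current.get("isActive", True):
            plan.append(("deactivate", ext_id, {"isActive": False}))
    # Guard: a truncated or empty directory export must not disable everyone.
    active = sum(1 for u in workplace if u.get("isActive", True))
    off = sum(1 for a, _, _ in plan if a == "deactivate")
    if active and off / active > max_deactivate_ratio:
        raise RuntimeError(f"refusing to deactivate {off} of {active} active accounts")
    return plan


def _u(ext_id, email, title, active=True):
    return {"externalID": ext_id, "email": email, "firstName": "Test",
            "lastName": ext_id, "jobTitle": title, "department": "IT",
            "isActive": active}


# Constructed sample data (not real accounts).
DIRECTORY = [_u("u1", "a@example.com", "Engineer"), _u("u2", "b@example.com", "Lead"),
             _u("u3", "c@example.com", "Analyst"), _u("u4", "d@example.com", "Engineer", False)]
WORKPLACE = [_u("u1", "a@example.com", "Engineer"), _u("u2", "b@example.com", "Engineer"),
             _u("u4", "d@example.com", "Engineer"), _u("u5", "e@example.com", "Engineer")]
```

Run the plan in a dry-run mode first and review the deactivations before applying them; the access token used to apply the plan should come from a secret store rather than from the script itself.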