English (US)
Log in
主頁
主頁
GETTING STARTED
Get your whole company connected in as little as 5 weeks.
Choosing Workplace
Let's get into all the reasons that Workplace is the right choice for your business.
Solutions
From leveling-up company communication to building a better culture, we’re here to solve your toughest challenges.
Customer Stories
Find out how organizations like yours are using Workplace to solve their most important business challenges.
Why Workplace
Why Workplace? Because it's familiar, mobile, secure, integrated and connects everyone. Why else?
Diversity & Inclusion
We’re doing our bit for a better world by making sure every employee feels seen, heard and valued.
Future of Work
Learn how to take your first step into the metaverse with Meta's hardware and software solutions.
How can Workplace help you?
From leveling-up company communication to building a better culture, we’re here to solve your toughest challenges.
Business Communication
Our easy-to-use tools will make your most important messages unmissable, and your intranet inspirational.
Employee Engagement
Ditch the email for more engaging company-wide conversations that give every employee a voice.
Strengthen Culture
Show people you’re committed to culture by empowering everybody to be the best version of themselves.
Getting Connected
Bring your entire organization together on Workplace, even if they don't have an email address.
Frontline Workers
61% of frontline managers say there’s a disconnect in communication with head office. We help close the gap.
Remote and Hybrid Working
Whether they’re working from home or the office, Workplace keeps your employees connected to your company’s culture.
Browse All
Organizations of all shapes and sizes are gaining a competitive edge with Workplace. Find your favorite story.
Podcasts
Listen to our Pioneer Podcasts to hear some of our favorite success stories from our biggest champions.
TECHNICAL RESOURCES CENTER
Get help with setting up Workplace, managing domains and other technical issues.
Mastering Workplace Features
Ready to become a Workplace pro? Learn all the ins-and-outs of our key features with in-depth guides, step-by-step user instructions and resource hubs.
Technical Resources
You don't have to be an IT genius to launch Workplace, but if you are then these technical resources are for you.
Help Center
Find step-by-step instructions and answers to frequently asked questions.
Support
Still can't find what you're looking for? Get in touch with a team of experts for more hands-on support.
What's New in Workplace
Stay up to speed with all the latest Workplace innovations, feature announcements and product updates.
Set up Guides
From adding a domain to inviting users, follow this step-by-step guide to set up your Workplace.
Domain Management
Find out why domain management matters - and how to do it properly.
Workplace Integrations
Discover how to bring all your tools together. Something missing? Learn how to build your own integrations.
Account Management
Keep your Workplace up to date by creating, maintaining or deactivating user accounts.
Authentication
Make sure you only give access to the right people by integrating with your current identity solutions.
IT Configuration
Learn how to keep Workplace running smoothly with info on networks, email whitelisting and domains.
Account Lifecycle
Understand the process of inviting members of your organization to claim their accounts.
Security and Governance
Get the lowdown on how we keep your people and information safe on Workplace with added technical terminology.
Workplace API
Learn how you can automate and integrate your custom solutions with Workplace using our API.
Getting started
From launching Workplace to paying for it, learn more about those crucial first steps.
Using Workplace
This is where we reveal the hidden depths Workplace has to offer with tips and info on key features.
Managing Workplace
Got a specific question about managing content, data or employees? This is the place to ask it.
IT and Developer Support
Looking for answers to more technical questions about security, integration and the like? Start here.
Support
Still can't find what you're looking for? Get in touch with a team of experts for more hands-on support.
Get in touch
Need help with your Workplace account? Fill out this form to get all the answers you need from our customer support.
Security
    Customer Stories
    Workplace for Good
      Getting Started
        Interactive Demo
          Pricing Plans
            Forrester ROI Study
              Events & Webinars
                Ebooks & Guides
                  Newsroom
                    Become A Partner
                      Service & Reseller Partners
                        Integrations Partners
                          Start Using Workplace
                            Mastering Workplace Features
                            Workplace Use Cases
                              Workplace Academy
                                Customer Communities
                                  English (US)

                                  Workplace Blueprints > Identity Change Management

                                  Learn about complex organizations and advanced scenarios in Workplace.

                                  Contents

                                  Overview

                                  Overview

                                  After a Workplace launch, organizations’ technical setups can change for a variety of reasons, such as adoption of new solutions, mergers and acquisition or organic digital evolution. These changes can affect how Workplace is deployed from an account management standpoint. Workplace supports different provisioning and user authentication methods. In this article we cover how to seamlessly migrate from one Workplace identity architecture to another in some of the most common scenarios organisations can encounter:

                                  Migration from Bulk (with spreadsheet) to Automatic provisioning

                                  Migration from Bulk (with spreadsheet) to Automatic provisioning

                                  While Workplace allows you to manage accounts manually or in bulk by using a spreadsheet/csv file, we highly recommend you to automate your account management in order to improve profile fields accuracy, automate deprovisioning, and reduce operational cost. With an automated account management tool in place, a user account will be automatically created, updated and deactivated in Workplace according to your Cloud Identity Provider (IdP).

                                  Follow the steps in this guide to set up your Identity Provider to automate the user account management in Workplace and remove the need to manually add/edit/deactivate users in bulk. You will need to have a Workplace Admin role assigned and have administrative access to your Cloud IdP instance as well in order to make these changes.

                                  1
                                  Perform a clean-up of your Workplace by disabling users who should no longer be part of it.

                                  2
                                  IMPORTANT: Validate that active Workplace users have the same email address in your Cloud IdP (UPN or email). This verification will prevent the Cloud IdP from creating duplicate accounts.

                                  3
                                  If, as part of this activity, you also need to change email addresses of your users in the Workplace, follow the steps in the Bulk change email addresses section before proceeding to the next step.

                                  4
                                  After verifying that users have the same email address in Workplace and Cloud IdP, proceed with configuring automatic provisioning in your IDP and activate synchronization as described in Workplace Tech Resources - Account Management.
                                  Email addresses bulk change

                                  Email addresses bulk change

                                  If your company decides to change the primary email address (i.e email domain) for all users or some users in your organisation, you will need to edit your users' email addresses in Workplace first. Here are some recommendations for Workplace Administrators to perform this type of change:

                                  1
                                  Verify the new domain in Workplace. Follow instructions in Workplace Tech Resources - Domain Verification article.

                                  2
                                  If you currently have automatic provisioning configured via Cloud IdP or SCIM API, pause the sync between the platforms.This would ensure existing accounts are not impacted in any way during the migration.

                                  3
                                  If you are using a SSO provider, validate that the new email domain has been assigned to a Workplace SSO provider.

                                  4
                                  Before performing the change on all accounts, it's recommended to run a manual test with one user to check that their access to Workplace is not affected. Change the user email address manually via the Admin Panel and perform a clean authentication (i.e. by using an incognito browser session). If authentication is successful, you can proceed with the update of the accounts.

                                  5
                                  Administrators can change the email of Workplace users in scope manually via Admin Panel or programmatically, via API. Here are some script samples using Workplace API GitHub|Workplace Samples - Script Powershell and GitHub|Workplace Samples - Script Python).

                                  6
                                  Validate that your identity sources (e.g. Cloud IDP) have the correct emails assigned to the users in scope for the change before reactivating the connector.

                                  7
                                  Configure the new Cloud IdP provisioning connector or reactivate the sync. In the case of configuring a new Cloud IdP, remember to disable the old Cloud IdP configuration.

                                  8
                                  After a provisioning connector synchronisation cycle,export a list of all Workplace users, via API or via CSV, to verify and confirm that all users have the new email domain.
                                  Changing SSO Configuration

                                  Changing SSO Configuration

                                  If you plan to move to a new SSO provider (e.g. from ADFS to Azure Active Directory) or change some SSO provider settings (e.g. update your certificate) follow these recommendations:

                                  1
                                  Configure at least one “break-glass” system administrator account to authenticate to Workplace via username / password (preferably with MFA enabled). In case of an outage or any other problem with the SSO provider configuration, these admins will be able to access Workplace normally, troubleshoot Workplace side, and even change the method of authentication to key users of the platform. Confirm emergency administrators have access to the Admin Panel and have the System Admin role assigned before moving to the next step.

                                  2
                                  Ensure the migration is done according to your organization's IT change governance schedule (under a proper maintenance Window), and outside the business hours.

                                  3
                                  To minimise disruptions for your users, edit the current SSO configuration on Workplace under the Admin Panel instead of deleting it.

                                  4
                                  If you want to force re-authentication for all your users, this can be done from the SSO configuration screen in the Admin Panel (Under Security > Authentication >SAML Reauthentication and select the option "Force everyone to authenticate again now ").

                                  5
                                  In case all admins get locked out accidentally and you need to contact Workplace support, please use this form to request assistance.