Home
Home

Account management



Learn how you can create, update and deactivate user accounts on Workplace.
Overview

Overview

While Workplace allows you to manage accounts manually or in bulk by using a spreadsheet, we recommend that you automate your account management to have better control over your people. With an automated account management tool in place, a user account will be automatically created, updated or deactivated in Workplace when the account is created, updated or deactivated in your organisation's user repository.

Workplace has an out-of-the-box integration with the largest cloud identity providers such as Azure AD, G Suite, Okta, OneLogin and Ping.

You can connect your cloud identity provider by:

If your organisation uses a different central user repository, you can use the Account Management SCIM API to create your own custom account management tool.

Connect via third-party integration

Connect via third-party integration

In this section, we cover how to connect Workplace with a cloud identity provider that your organisation manages by using a Workplace third-party integration.

Prerequisites

To enable this configuration, the following is required:

  • Your organisation uses a cloud identity provider that integrates with Workplace.
  • You have integrated your master identity store (e.g. Microsoft Active Directory or Oracle Directory Server) with the cloud identity provider to synchronise user accounts.
  • A user in Workplace who has a role of system administrator.
  • Your users' email domains have been verified (recommended) or allow listed in Workplace.

Generate an access token

Before configuring the Workplace application on the cloud identity provider, you'll need to create a custom integration with the permission to manage accounts. Once, the custom integration is created, you'll be able to create an access token, which you'll need during the configuration of the Workplace application in the cloud identity provider.

1
Log in with a user who has the role of system admin.

2
Go to Admin Panel and navigate to the Integrations section.

3
Click on the Create Custom Integration button.

4
Enter a name (mandatory) and a description (optional) for the custom integration.

5
Click on the Create button.

You will now be guided to the custom integration configuration where you will see the possibility to apply integration permissions.

1
Scroll to the Integration permissions section.

2
Enable the permission Manage accounts.

3
You can enable the setting Automatically invite people to Workplace once they've been added using this integration if you want to immediately invite users when they have been created by this integration.

The next step is to create an access token which will be used to configure the cloud identity provider.

1
Scroll up and click on the Create Access Token button.

2
You'll see a window which will ask you if you're using the access token for in-house development or creating it on behalf of an external developer.

3
A window with an access token will now show up.

4
Click on the Copy button and store the access token in a secure location.

5
Tick the I understand checkbox.

6
Click on the Done button.

7
Scroll down to the bottom of the custom integration page.

8
Click on the Save button to save the custom integration.

Configure your cloud identity provider

Given that each cloud identity provider has created their own integration with Workplace, you'll need to follow their documentation in order to complete the provisioning process.

List of supported cloud identity providers

G-Suite
Azure AD
Okta
OneLogin
Ping

?
After a cloud connector has been installed, you can enable the setting Automatically invite people to Workplace as soon as they've been added using this integration if you want to immediately invite users when they have been created by this integration.
Connect via Workplace Import

Connect via Workplace Import

In this section, we cover how to connect Workplace with a cloud identity provider that your organisation manages by using Workplace Import. Workplace Import support G Suite and Azure AD.

G Suite integration

G Suite integration

If the users in your organisation are managed using G Suite, then using Workplace Import from G Suite is the right solution to add, update and disable users in Workplace automatically.

?
Workplace Import from G Suite does not currently support multi-IdP integration. If your organisation is using multiple G Suite directories today, please consider consolidating into a single directory.

Prerequisites

Configure the G Suite integration

For a successful setup, make sure that you follow the steps below:

1
In the Admin Panel, select People.

2
Click + Add people.

3
Click Connect an identity provider.

4
Select G Suite. The Set up G Suite as your identity provider window opens.

5
Click Connect, and log in using your G Suite admin account.

6
Select from: Add everyone, Add people from different departments, Add people that are part of a specific structure in your organisation (for example, report to the same manager).

7
Configure invitations. Choose when you want to invite the users: You can send invitations automatically at the end of this configuration process or you can send invitations at a later date independent of this configuration process.

8
Select Create users to create the accounts.
?
The user profile attributes that will be automatically mapped are the following: email, externalID, firstName, lastName, fullName, manager, jobTitle, department, phoneNumber, location, isActive.
Manage via SCIM API

Manage via Account Management API

If you don't want to use one of the supported cloud identity providers, you can build your own custom automated account management tool. Take a look at our Developer documentation to see how you can create, update and deactivate users with the Account Management API.