English (US)
Log in
Главная
Главная
GETTING STARTED
Get your whole company connected in as little as 5 weeks.
Choosing Workplace
Let's get into all the reasons that Workplace is the right choice for your business.
Solutions
From leveling-up company communication to building a better culture, we’re here to solve your toughest challenges.
Customer Stories
Find out how organizations like yours are using Workplace to solve their most important business challenges.
Why Workplace
Why Workplace? Because it's familiar, mobile, secure, integrated and connects everyone. Why else?
Diversity & Inclusion
We’re doing our bit for a better world by making sure every employee feels seen, heard and valued.
Future of Work
Learn how to take your first step into the metaverse with Meta's hardware and software solutions.
How can Workplace help you?
From leveling-up company communication to building a better culture, we’re here to solve your toughest challenges.
Business Communication
Our easy-to-use tools will make your most important messages unmissable, and your intranet inspirational.
Employee Engagement
Ditch the email for more engaging company-wide conversations that give every employee a voice.
Strengthen Culture
Show people you’re committed to culture by empowering everybody to be the best version of themselves.
Getting Connected
Bring your entire organization together on Workplace, even if they don't have an email address.
Frontline Workers
61% of frontline managers say there’s a disconnect in communication with head office. We help close the gap.
Remote and Hybrid Working
Whether they’re working from home or the office, Workplace keeps your employees connected to your company’s culture.
Browse All
Organizations of all shapes and sizes are gaining a competitive edge with Workplace. Find your favorite story.
Podcasts
Listen to our Pioneer Podcasts to hear some of our favorite success stories from our biggest champions.
TECHNICAL RESOURCES CENTER
Get help with setting up Workplace, managing domains and other technical issues.
Mastering Workplace Features
Ready to become a Workplace pro? Learn all the ins-and-outs of our key features with in-depth guides, step-by-step user instructions and resource hubs.
Technical Resources
You don't have to be an IT genius to launch Workplace, but if you are then these technical resources are for you.
Help Center
Find step-by-step instructions and answers to frequently asked questions.
Support
Still can't find what you're looking for? Get in touch with a team of experts for more hands-on support.
What's New in Workplace
Stay up to speed with all the latest Workplace innovations, feature announcements and product updates.
Set up Guides
From adding a domain to inviting users, follow this step-by-step guide to set up your Workplace.
Domain Management
Find out why domain management matters - and how to do it properly.
Workplace Integrations
Discover how to bring all your tools together. Something missing? Learn how to build your own integrations.
Account Management
Keep your Workplace up to date by creating, maintaining or deactivating user accounts.
Authentication
Make sure you only give access to the right people by integrating with your current identity solutions.
IT Configuration
Learn how to keep Workplace running smoothly with info on networks, email whitelisting and domains.
Account Lifecycle
Understand the process of inviting members of your organization to claim their accounts.
Security and Governance
Get the lowdown on how we keep your people and information safe on Workplace with added technical terminology.
Workplace API
Learn how you can automate and integrate your custom solutions with Workplace using our API.
Getting started
From launching Workplace to paying for it, learn more about those crucial first steps.
Using Workplace
This is where we reveal the hidden depths Workplace has to offer with tips and info on key features.
Managing Workplace
Got a specific question about managing content, data or employees? This is the place to ask it.
IT and Developer Support
Looking for answers to more technical questions about security, integration and the like? Start here.
Support
Still can't find what you're looking for? Get in touch with a team of experts for more hands-on support.
Get in touch
Need help with your Workplace account? Fill out this form to get all the answers you need from our customer support.
Security
    Customer Stories
    Workplace for Good
      Getting Started
        Interactive Demo
          Pricing Plans
            Forrester ROI Study
              Events & Webinars
                Ebooks & Guides
                  Newsroom
                    Become A Partner
                      Service & Reseller Partners
                        Integrations Partners
                          Start Using Workplace
                            Mastering Workplace Features
                            Workplace Use Cases
                              Workplace Academy
                                Customer Communities
                                  English (US)

                                  Workplace Blueprints > Complex Organizations

                                  Learn about complex organizations and advanced scenarios in Workplace.

                                  Overview

                                  Overview

                                  In many organizations, connecting employees might be challenging due to the complexity of the organizational structure. Examples include:

                                  • Conglomerates: Employees belong to different companies with different email domains. These might be competing companies or brands within the same conglomerate
                                  • Merger and acquisition: Employees belong to recently acquired or merged companies, with completely separate IT infrastructure and governance.
                                  • Franchises: Some markets have strict requirements for franchisee data to remain separate from the franchisor.

                                  This article will address some of the key considerations or challenges organizations like these might encounter during their Workplace setup.

                                  Considerations

                                  Considerations

                                  This section will help guide Workplace admins choosing the best deployment approach, based on their requirements.

                                  Multiple Separate Workplaces

                                  Workplace is identified with a specific subdomain, e.g. yourcompany.workplace.com

                                  Workplace works better when all employees have access to a shared community as part of their company. However, in some cases, organizations have legal or regulatory requirements to keep all data completely separate between different parts of the company (e.g. if their company is composed of separate legal entities or there’s a strict data separation policy in place between them).

                                  Account Management

                                  Deciding which employees should be granted access and how to provision their accounts are key deployment steps. For many organizations there is no single source of truth for employee information. Employee information may come from separate systems depending on the organisational structure.

                                  At this stage, companies should consider whether:

                                  • A single instance or multiple instances are needed.
                                  • All user profiles and employee data that need to be provisioned in Workplace are stored in a single directory or they have multiple sources of truth (e.g. multiple separate identity systems).
                                  • They plan to provision accounts manually or by implementing automatic provision (recommended).
                                  • The same email domain will be used across multiple Workplaces. Companies should also assess if they have domain management rights to verify these domains in Workplace (e.g. access to DNS controls).

                                  Authentication

                                  Deciding on the right authentication method is key to the success and security of your deployment. Different parts of your organization might use different methods of authentication. Furthermore, these systems might be owned by separate teams.

                                  At this stage, companies should consider whether:

                                  • All users (independently of which instance they belong to) have a corporate identity.
                                  • Users will authenticate to Workplace via SSO, password or a mix of both.
                                  • Their users are using multiple SSO providers to access other corporate solutions (e.g. a portion of their users uses Azure AD for SSO while another portion uses Google Identity).
                                  • For the domains they plan to be SSO enabled, if they have domain management rights to verify these domains in Workplace (e.g. access to DNS controls).
                                  • For users they plan to not be using SSO for access to Workplace, they intend to adopt two-factor authentication.
                                  Deployment Options

                                  Deployment Options

                                  In the next section we cover some of the most common deployment approaches for complex organizations:

                                  • A single Workplace - Single SSO Provider
                                  • A single Workplace - Multiple SSO Providers
                                  • Multiple Separate Workplaces

                                  1. Single Workplace - Single SSO Provider

                                  !
                                  Recommendation: This approach is recommended if your users can authenticate either through the same tenant of your IDP or through username/password, and there are no specific requirements that would oblige you to establish separate Workplaces.

                                  In this option all of your employees are provisioned onto a single Workplace. You are using a single SSO solution for all verified email domains, or you allow some of your users to authenticate via username/password. Any accounts from allow-listed domains are allowed to authenticate via username/password.

                                  Provisioning

                                  • Identify the source or sources of information in which your employee data is stored. In complex organisations, different parts of the company may have separate employee directories.
                                  • Users can be provisioned automatically using any of the out-of-the-box Cloud IdP connectors. If your employee data is currently stored in a system for which no out-of-the-box integration is available, you can also build a custom connector using Workplace APIs.

                                  Authentication

                                  • Verified domain users can authenticate using a single SSO provider. Follow these instructions to set up SSO for all your verified email domains. If necessary, users can also authenticate via username/password.
                                  • Allow-listed domain users can only authenticate via username/password.

                                  Diagram

                                  2. Single Workplace - Multiple SSO Providers

                                  !

                                  Recommendation: This approach is recommended if different parts of the company are authenticating through multiple systems (e.g. multiple Azure tenants, Okta, Google Workspace, etc.), and you want to bring your entire organization together on one platform to communicate seamlessly.

                                  The Multiple-SSO feature is only supported in our Workplace Enterprise Plan.

                                  In this option all of your employees are provisioned onto a single Workplace. However, accounts may authenticate using SSO through multiple IdPs.

                                  Provisioning

                                  • Identify the source of information where your employee data is stored. In complex organisations, different parts of the company may have separate employee directories.
                                  • Users can be provisioned automatically using any of the out-of-the-box Cloud IdP connectors. If your employee data is currently stored in a system for which no out-of-the-box integration is available, you can also build a custom connector using Workplace APIs.

                                  Authentication

                                  • Verified domain users can authenticate using multiple SSO providers. For each email domain you will be able to set different SSO settings in the Workplace Admin panel. If required, users can also be configured to authenticate via username/password.
                                  • Allow-listed domain users can only authenticate via username/password.

                                  Diagram

                                  Use Case Example

                                  • A government department that was formed by grouping of multiple separate government agencies had separate Cloud IdPs. They set up a new Workplace instance, bringing people from all different agencies together onto the same Workplace, with each individual agency's employees provisioned and authenticated through a separate Cloud IdP

                                  3. Multiple separate Workplaces

                                  !

                                  Recommendation: This approach is recommended if your company has any legal or hard business requirements to keep employees from different parts of the organization completely separate from each other.

                                  In this option employees from different parts of the company are provisioned into completely separate Workplaces. All or some administrative functions will be completely separate.

                                  Domain Verification

                                  Consider whether in your case, employees of each separate Workplace will also be using completely different email domains.

                                  If there is a need to share an email domain across multiple Workplaces, this domain will have to be verified for each individual instance before you can set up your provisioning and authentication. This option is administered by Workplace support teams. Please contact us if this is the case and you need assistance.

                                  Provisioning and Authentication

                                  Each Workplace can be set up entirely separately, with provisioning and authentication happening through the relevant Identity Providers.

                                  Content Distribution

                                  For some companies, despite the need for overall separationness between different parts of the business, there is still a need to share some content across all users (e.g. corporate announcements relevant to all instances).

                                  Use Case Example

                                  • A large chain of franchise restaurants had the need to set up separate instances for each franchisee. However, they had the need to share corporate communications to all franchisees. They implemented a custom integration using the Workplace Graph API to post corporate communications simultaneously to all instances.