You need to grant and revoke access to Workplace as people join and leave your organization. This set of guides introduces the concepts of account provisioning and deactivation, and outlines how to integrate with your Active Directory or Cloud Identity Provider to provision accounts for your employees.
Why Provisioning Matters
To connect your organization, it's important that employees can find and tag each other when collaborating. In Workplace, employee accounts can be searched, discovered and added to groups by their peers and managers, even before they start using their account for the first time. This is only possible if accounts are provisioned in advance.
Why Deactivating Matters
When employees leave your company, it's crucial that they no longer have access to the content on Workplace.
If you're using Single Sign-On (SSO), you can prevent access for a specific account when an employee leaves, but this doesn't deactivate the account, and the account holder may still receive email notifications from Workplace. Other employees will continue to be able to find and message that account, with no indication that the individual has left, which is a poor user experience.
To properly ensure that ex-employees are excluded from seeing your content, Workplace supports and recommends implementing account deactivation.