Workplace by Facebook

This guide provides the steps required to configure Provisioning for Workplace by Facebook.


  • Import New Users
  • Import Profile Updates
  • Import User Schema
  • Push New Users
  • Push Profile Updates
  • Push Password Updates
  • Push User Deactivation
  • Push Group*


    * If you want to use group push for Workplace by Facebook, contact Okta Support and ask them to enable FACEBOOK_AT_WORK_ENABLE_GROUP_PUSH_ENHANCEMENTS.


To enable Provisioning Features, you need to first obtain an Organization ID from Facebook.

Once you receive your Organization ID, you can create a new Facebook application, as described below.


  1. In Okta, navigate to Admin Console > Applications, then click Add Application.
  2. Search for Workplace by Facebook, then click Add:

  3. Under General Settings, enter an Application label, your SubDomain, and Organization ID (see REQUIREMENTS) values, then click Done:

  4. Select the Provisioning tab, then click Configure API Integration:

  5. Check Enable API integration, then click Authenticate with Workplace by Facebook:

  6. A new window with your Workplace organization opens. You may be required to enter your Facebook administrator credentials to allow Okta to use the API on your behalf. To do this, click Add to Workplace. Note that the Add Okta Identity to groups option should be set to All groups.

  7. After a series of redirects, your new application is configured. Click Save, then close this window with your Facebook org settings.

  8. Once you see a Workplace by Facebook was verified successfully message, click Save.
  9. Select To App in the left panel, then select the Provisioning Features you want to enable, then click Save:


Workplace by Facebook supports User Schema Discovery, so you can add extra attributes to the User Profile. To do that in Okta:

  1. Navigate to Directory > Profile Editor.
  2. Select the APPS section in the left pane, then find your app in the list.
  3. Check the list of attributes. If you don't find what you need, click Add Attribute to display a list of extended attributes.
  4. Check the attributes you want to add, then click Save.
  5. You are now able to import and push these User attribute values from and to Facebook.

Location attribute:

By default, when creating/updating a Facebook User, Okta populates User Location with comma-separated address properties (street, city, state, etc.). If this behavior does not fit your needs, you can add a Location field to AppUser through Schema Discovery and map it accordingly, as follows:

  1. Click Refresh Attribute List.
  2. Find the Location field in the list of attributes.
  3. Add it to the AppUser profile.
  4. Set up mapping for the Location field from Okta to Workplace by Facebook.

    For example: > location



Our current Workplace Facebook connector can pull manager/employee relationships from a single AD domain. For those using provisioning with Okta into Facebook and pulling user data from multiple AD domains, Okta cannot provision users because it cannot pull these relationships across multiple domains. This is a known limitation we plan on resolving in the near future.