FAQs

Q: What are Meta work accounts?

A: Meta work accounts are an account type for business tools across Meta. Organizations are able to manage these accounts with administrative features including single sign-on (SSO) support, automated account provisioning and more. With work accounts, individuals can access Meta’s business tools (i.e. Business Manager) with their work credentials, keeping that login separate from their personal Facebook account. We plan to make work accounts available in H2 2023 to a limited number of clients.

Q: Which tools can be accessed with Meta work accounts? Is there a limit to the number of tools that can be used?

A: We plan on making Meta work accounts available as an option to access Meta business tools that are currently available in Business Manager.

Q: Are Meta work accounts managed at the business/organization-level or at the individual user-level?

A: Migration to Meta work accounts will be at the business or organization-level. As part of an organization migrating to work accounts, an admin will grant access to their employees to access Business Manager using their work credentials (e.g., work email address). The employee will then need to claim their work account as part of the setup process. Organizations will be able to manage employees’ work accounts centrally, with administrative features such as single sign-on, automated account provisioning and two-factor authentication.

Q: Are Meta work accounts available for any business and Tech Providers to use?

A: We will begin rolling out Meta work accounts in the second half of 2023. The product will first be made available to a limited number of closed beta testers (mainly advertisers) in early H2 2023, and we hope to do a phased rollout thereafter to enable more businesses and Tech Providers to access work accounts.

Once we make work accounts generally available, any eligible business and Tech Providers interested in accessing Meta business tools with a separate login will be able to do so at no additional cost. Eligibility includes requirements such as having client resourcing to support the migration and having the technical know-how and tools in place, such as the ability to set up single sign-on and/or to provision users in work accounts via an identity provider. We'll share more information on general availability timelines as it becomes available.

Q: Do Tech Providers need to take their users through the regular Facebook Login or Facebook Login for Business?

A: Both regular Facebook Login and Facebook Login for Business will support Meta work accounts. The end users who decide to migrate to Meta work accounts should be able to go through any existing web login integrations on the third-party developers’ surfaces. If end users encounter blockers throughout the flow, they’ll be able to use the “Help Center” at the end of their Meta work accounts onboarding flow to reach their Tech Providers for support. Tech Providers can still send Meta 1) a URL to their help center and 2) a generic support email address to be included in the “Help Center” for their end users.

Q: Will the Meta work accounts login flow be the same to request an access token?

A: Yes, the login flow will be the same to request an access token regardless of whether the user is authenticating with their FB profile or their work account.

Q: Will a Tech Provider need to ask for any new permissions to support Meta work accounts?

A: No, a Tech Provider will not need to ask for any new permissions or implement changes to support Meta work accounts. Essentially, users can choose to adopt a work-issued account, and may wish to authenticate with a third-party app using this work account rather than their previously used FB account. The choice of which account to connect with will primarily be user driven.

Q: What can Tech Provider partners do to support end user migration?

A: If your app is accessing clients’ business assets using System User access tokens or partner sharing, your third-party integration should not be impacted. If your app is using User access tokens (or Page access tokens generated from User access tokens), your app’s permissions and access to business assets granted by personal Facebook accounts will not automatically transition to the new Meta work accounts. Users will be required to regrant permissions to those business assets using their new work accounts to preserve your app's access to those assets.

To minimize potential disruptions to your API calls, it is recommended your app provides the following:

1. Ability to proactively reauthorize an asset (e.g. page, ad account) before token invalidation. This can be done by periodically checking the user_access_expire_time field of each asset and prompting the user to reauthorize if a timestamp is returned.

2. Ability for users to bulk reauthorize assets for disconnected or soon-to-be disconnected assets. This can be done by providing a "Reconnect" or "Replace Expired Tokens" button in your application that allows users to reconnect all their business assets at once instead of one by one. The button should trigger an API call to your server with a list of business asset IDs and a new access token as parameters. Your server can then use the new access token for each of the business assets in the list and store them securely in your application's database or storage.
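A sketch of both recommendations on the app's server side, as an added example that is not Meta's code. It assumes the app has already read `user_access_expire_time` for each connected asset and parsed it to Unix seconds; the record layout, `assets_needing_reauth`, `bulk_reconnect`, the `can_access` callback and all sample values are hypothetical and constructed for illustration.

```python
DAY = 86400
NOW = 1_700_000_000  # constructed "current time" for the sample data

# Constructed sample: assets this app has connected, with the value read from
# each asset's user_access_expire_time (None = no timestamp returned).
# Assumption: the timestamp has been parsed to Unix seconds.
SAMPLE_ASSETS = [
    {"id": "page_1", "app_user": "u1", "user_access_expire_time": None},
    {"id": "act_2", "app_user": "u1", "user_access_expire_time": NOW + 20 * DAY},
    {"id": "page_3", "app_user": "u1", "user_access_expire_time": NOW - 3600},
    {"id": "act_4", "app_user": "u2", "user_access_expire_time": NOW + 2 * DAY},
    {"id": "page_5", "app_user": "u1", "user_access_expire_time": NOW + 5 * DAY},
]


def assets_needing_reauth(assets, app_user, now):
    """Return (disconnected, expiring) asset IDs for one app user.

    Any returned timestamp means the user should be prompted; assets whose
    timestamp has passed are listed as disconnected, the rest soonest first.
    """
    mine = [a for a in assets if a["app_user"] == app_user
            and a["user_access_expire_time"] is not None]
    mine.sort(key=lambda a: a["user_access_expire_time"])
    disconnected = [a["id"] for a in mine if a["user_access_expire_time"] <= now]
    expiring = [a["id"] for a in mine if a["user_access_expire_time"] > now]
    return disconnected, expiring


def bulk_reconnect(token_store, assets, app_user, asset_ids, new_token, can_access):
    """Handle a "Reconnect" request: replace tokens for a list of asset IDs.

    The ID list comes from the client, so it is filtered to assets this app
    user already connected, and the new token is kept only where
    can_access(asset_id, token) confirms it works (hypothetical callback that
    stands in for a real API check).
    """
    connected = {a["id"] for a in assets if a["app_user"] == app_user}
    replaced, rejected = [], []
    for asset_id in dict.fromkeys(asset_ids):  # de-duplicate, keep order
        if asset_id in connected and can_access(asset_id, new_token):
            token_store[asset_id] = new_token  # stand-in for encrypted storage
            replaced.append(asset_id)
        else:
            rejected.append(asset_id)
    return replaced, rejected
```

Rejected IDs are worth surfacing to the user and logging without the token value, since an ID outside the user's connected set points to a stale client or a tampered request.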

Q: If a user has granted a Tech Provider's app access to certain assets and they re-authenticate during the grace period, will the third-party app retain access to all of those assets (within the context of a specific Business Manager)?

A: Once a user logs in to a Tech Provider’s app with a work account via Facebook Login, they will need to re-select the assets from scratch. Once done, the third-party app will retain access to all of those assets, but only through the user access token associated with the user’s work account.

Q: Are there step-by-step CTAs that are required to be performed by Tech Providers?

A: We cannot provide a definitive step-by-step end user experience because each 3P app and surface has different user flows / onboarding / access control, which results in a unique 3P installation experience.

Q: Are there any known issues preventing a user from re-authenticating with a Tech Provider’s app using Meta work accounts?

A: We don’t support mobile FB Login with these work account identities on third-party surfaces yet, so we recommend users authenticate work accounts via web surfaces to avoid disruptions.

Q: What does a typical end user reintegration with a Tech Provider’s app look like?

A: When a user starts reintegrating with a Tech Provider’s app using their work accounts:

  1. The User Access Tokens associated with their FB accounts will continue to be active for a 30-day grace period
  2. During that time, that user will need to log into the App via web surfaces and re-grant permissions to business assets using their work accounts
    1. the user will need to do that for each App they use
    2. the user will need to do that for each Business Manager (BM) they are part of
    3. it is possible that a user may be logged into one BM using their personal account and a different BM using their work account
  3. The users will then be able to use the App with their work accounts; User Access Tokens associated with the work accounts are generated for Tech Providers to make API calls
  4. After 30 days, the original User Access Tokens associated with their FB accounts will lose access to the migrated business assets; the user can still re-authenticate at any time using their work account to complete reintegration

Note that users are migrated at business level, i.e. a user with access to multiple Business Managers will have multiple grace periods if they choose to not complete all their migrations at the same time. They need to finish migration for each business respectively.

Q: If a Tech Provider uses a System User Access Token as opposed to a User Access Token, will those connections be impacted by this rollout?

A: No, System User access tokens will not be impacted by this rollout. Only User Access Tokens belonging to the FB users that are migrating to work accounts will be impacted, due to loss of access to business assets.

Q: Would Meta work accounts reintegration with a Tech Provider’s app affect the app status?

A: No. It won’t trigger additional app reviews or access verifications, nor will it lift any existing enforcements on the app.

Q: Will existing Facebook integrations within Tech Providers’ product need to be reconnected/unauthorized after this change?

A: No, existing Facebook integrations will not expire or be deactivated. Apps will still continue to be able to use these Facebook-backed User Access Tokens. However, since the user might transfer some business assets away from their Facebook profile to their new work account, API calls that depend on the FB profile having access to specific assets may start failing due to loss of permitted access.

Q: Could a Tech Provider have an account in pilot for testing?

A: Yes. The Meta work accounts sandbox self-testing tool will be accessible to Tech Provider partners via Dev Alert in Q2 ’23.

Q: Will the work accounts need to be admins on the clients’ pages in order to manage their listings and authenticate via OAuth?

A: Yes, the work accounts will need to be admins on the client pages and re-authenticate via OAuth. When a user migrates their business from their personal account to their work account, the admin permissions are transferred to the work account automatically, and existing accounts will not have access to those pages after the 30-day transition window is over.

Q: How would migrating to Meta work accounts (MWA) impact Meta Business Extension (MBE) integrations?

A: When migrating to MWA, MBE integrations may also be affected. Third-party partners who have implemented MBE are guided during implementation to call the API to exchange the personal User Access Token for the Business Manager’s System User Access Token. If a 3P partner follows this guidance, then businesses using their app for MBE will NOT have their MBE integrations affected when they migrate to MWA. However, MBE integrations will break for apps that do not follow the guidance and instead continue to use personal User Access Tokens. Meta still encourages businesses who migrate to MWA to reintegrate with MBE, regardless of whether the integration will break.