<aside> <img src="/icons/notion_blue.svg" alt="/icons/notion_blue.svg" width="40px" />
We recognize that each company is unique, and many factors influence workspace-level settings decisions. Below are our general recommendations and key consideration to help you make the best choice for your team.
<aside> <img src="/icons/gear_blue.svg" alt="/icons/gear_blue.svg" width="40px" />
The highest leverage thing you can do as an Enterprise workspace owner is to verify ownership of your email domain. This unlocks many of our most advanced enterprise capabilities like:
| Setting | Recommendation | Key Considerations |
|---|---|---|
| Enable SSO | Toggle on |
→ SSO streamlines user management across systems for IT admins and gives end users a single access point for a seamless experience. |
| Login Method | Only SAML SSO |
→ Enforces SAML as the only login method for your workspace which simplifies the experience for both end-users and IT Admins. |
| Automatic account creation | Toggle off |
→ Prevents new users from automatically creating a Notion account if they login via SSO which is helpful if you plan to roll out Notion in phases. |
| Suppress invite emails from SCIM provisioning | Toggle on |
→ Controls if users will receive invite emails when provisioned by SCIM to workspaces. |
→ Gives you more control on how the Notion roll-out is communicated internally and prevents everyone from receiving an automatic email when you’re not ready to announce the launch. |
| Setting | Recommendation | Key Considerations |
|---|---|---|
| Disable publishing sites and forms | Toggle on |
→ This prevents a member from publishing a page to the web, which someone outside of the workspace to view the page if they have the link. |
→ We generally recommend disabling publishing sites/forms at the workspace level and enabling it within specific teamspaces if there is a need to have that capability. Only a user that is both a workspace owner and a teamspace owner has the ability to override this setting within a specific teamspace.
→ Users often are not aware of the fact that if they publish a page, all of the sub-pages underneath are published as well. Admins can view and audit all pages that are currently published to the web can be viewed by going to the Sites tab |
| Disable duplicating pages to other workspaces | Toggle on | → This prevents a member from duplicating content into another Notion workspace. We recommend this in order to ensure confidential information is not easily duplicated outside of your workspace. |
| Disable export | Toggle on | → This prevents a member from exporting content into another Notion workspace. We recommend this in order to ensure confidential information is not easily exported outside of your workspace.
→ We generally recommend disabling exporting content at the workspace level and enabling it within specific teamspaces if there is a need to have that capability. Only a user that is both a workspace owner and a teamspace owner has the ability to override this setting within a specific teamspace. |
| Disable members inviting guests to pages | Toggle on | → We generally recommend disabling guests at the workspace level and enabling it within specific teamspaces if there is a need to have that capability. Only a user that is both a workspace owner and a teamspace owner has the ability to override this setting within a specific teamspace.
→ If you already have guests in the workspace and choose to disable guests, you will have the option to keep or remove the existing guests in your workspace.
|
| Allow members to request adding guests | Toggle on | → If you disable members adding guests to pages, you can still give them the option to request adding a guest to a page. This means you can vet who is being added as a guest to which page across the workspace.
→ If you prefer to give your members freedom to add guests to any page, you can toggle Disable members inviting guests to pages off and this option will no longer be available. |
| Allow members to request adding other members | Toggle on | → Members can request a user is added into the workspace. You can approve or deny these requests in the Members section under Requests. |
| Allow any user to request to be added as a member of the workspace | Toggle off | → We recommend managing users entirely via SSO which would supersede any users requesting members be added. |
| Setting | Recommendation | Key Considerations |
|---|---|---|
| Limit teamspace creation to only workspace owners | Toggle on |
→ This only allows workspace owners to create teamspaces which prevents a sprawl of teamspaces. We typically recommend workspace owners to have a strategy around the core teamspaces that will be needed in the workspace. |
→ Members can come to workspace owners to create additional teamspaces for specific projects or tiger teams if needed. | | | | |
| Setting | Recommendation | Key Considerations |
|---|---|---|
| Save and display page view analytics | Toggle on |
→ This gives you visibility into analytics across the entire workspace and every member in the workspace will be able to see analytics to pages that they have access to. |
→ Individuals can change their own view history setting under My settings if they do not want their page views to be recorded. |
| Allowed email domains | Remove all allowed email domains | → This creates a backdoor for users to become members of your workspace. We recommend enabling SSO and having it be the only sign-in method so all of your user provisioning is managed via your IDP.
→ Removing allowed email domains is also very important if you are thinking about rolling out Notion to your team in multiple phases. |
Notion's custom data retention settings empower your team to effortlessly meet your company's compliance requirements. In this guide, we’ll show Enterprise workspace owners how to tailor data retention settings and recover deleted pages.
Use Notion’s Data Retention settings to keep your team compliant & restore content
Audit logs give workspace owners access to detailed information about security and safety-related activity. This can help identify potential security issues, investigate suspicious behavior, and troubleshoot access.