1# ChatGPT Work Admin FAQ1# Work mode admin FAQ
2 2
3ChatGPT Work brings the technology behind Codex into ChatGPT for longer,3Work mode brings the technology behind Codex into ChatGPT for longer,
4multi-step tasks. It can gather context from conversations, files, workspace4multi-step tasks. It can gather context from chats, files, workspace
5resources, and connected systems; use approved tools; and create review-ready5resources, and connected systems; use approved tools; and create review-ready
6artifacts. Access, context, actions, network behavior, and credit use vary by6outputs. Access, context, actions, network behavior, and credit use vary by
7plan, workspace settings, source permissions, and surface.7plan, workspace settings, source permissions, and surface.
8 8
9## Overview9## Overview
10 10
11Work lets users delegate longer, multi-step tasks to ChatGPT. It can gather11Work mode lets users delegate longer, multi-step tasks to ChatGPT. It can gather
12information from connected sources, reason across steps, create documents,12information from connected sources, reason across steps, create documents,
13presentations, or analyses, and return results for review.13presentations, or analyses, and return results for review.
14 14
15Work launches July 9, 2026. For Enterprise and Edu, web and mobile access starts15Work mode launched July 9, 2026. For Enterprise and Edu, web and mobile access is
16off by default during a two-week preview. Admins can enable billable usage, and16off by default during a two-week preview. Admins can enable billable usage, and
17explicit opt-outs persist when the default changes. Desktop access remains17explicit opt-outs persist when the default changes. Desktop access remains
18governed separately through Codex Local permissions and managed configuration.18governed separately through Codex Local permissions and managed configuration.
19 19
20This FAQ explains how admins manage Work in ChatGPT: access and data controls,20This FAQ explains how admins manage Work mode in ChatGPT: access and data controls,
21compliance and visibility, usage and spend, incident response, and rollout21compliance and visibility, usage and spend, incident response, and rollout
22practices.22practices.
23 23
24## Core administrative controls24## Core administrative controls
25 25
26Administrators govern Work through several control layers:26Administrators govern Work mode through several control layers:
27 27
28- **Access to the enterprise workspace:** Identity and access controls manage28- **Access to the enterprise workspace:** Identity and access controls manage
29 authentication and access to the workspace. Depending on the plan and29 authentication and access to the workspace. Depending on the plan and
33 enforce workspace-wide MFA through your identity provider. Manage SSO and33 enforce workspace-wide MFA through your identity provider. Manage SSO and
34 related identity settings in the34 related identity settings in the
35 [Global Admin Console](https://help.openai.com/en/articles/12289294-admin-portal).35 [Global Admin Console](https://help.openai.com/en/articles/12289294-admin-portal).
36- **Access to Work within the workspace:** On web and mobile, admins use the36- **Access to Work mode within the workspace:** On web and mobile, admins use the
37 top-level Work control and role-based access control (RBAC) to decide who can37 Work mode access control and role-based access control (RBAC) to decide who can
38 use it. Enterprise and Edu access starts off during the two-week preview;38 use it. Enterprise and Edu access is off during the two-week preview;
39 admins can enable it, and explicit opt-outs persist when the default changes.39 admins can enable it, and explicit opt-outs persist when the default changes.
40 Desktop access follows separate Codex Local permissions and40 Desktop access follows separate Codex Local permissions and
41 [managed configuration](https://learn.chatgpt.com/docs/enterprise/managed-configuration). Controls41 [managed configuration](https://learn.chatgpt.com/docs/enterprise/managed-configuration). Controls
46 [Groups and provisioning](https://learn.chatgpt.com/docs/enterprise/groups-and-provisioning).46 [Groups and provisioning](https://learn.chatgpt.com/docs/enterprise/groups-and-provisioning).
47- **Workspace and member roles:** Built-in Owner, Admin, and Member roles47- **Workspace and member roles:** Built-in Owner, Admin, and Member roles
48 determine who can administer the workspace. Custom roles and member RBAC48 determine who can administer the workspace. Custom roles and member RBAC
49 separately control end-user access to Work, apps, and other capabilities.49 separately control end-user access to Work mode, plugins, and other capabilities.
50 See50 See
51 [Roles and workspace permissions](https://learn.chatgpt.com/docs/enterprise/roles-and-workspace-permissions).51 [Roles and workspace permissions](https://learn.chatgpt.com/docs/enterprise/roles-and-workspace-permissions).
52- **Plugins and apps:** Plugin policy governs plugin availability and52- **Plugins and connectors:** Plugin policy governs plugin availability and
53 installation. App access, action controls, and approval behavior are53 installation. Connector access, action controls, and approval behavior are
54 configured separately, and Workspace Agents have additional per-agent54 configured separately, and Workspace Agents have additional per-agent
55 controls. See [Plugin controls](https://learn.chatgpt.com/docs/enterprise/apps-and-connectors),55 controls. See [Plugin controls](https://learn.chatgpt.com/docs/enterprise/apps-and-connectors),
56 [Plugins](https://learn.chatgpt.com/docs/plugins), and the56 [Plugins](https://learn.chatgpt.com/docs/plugins), and the
58- **Source-system permissions:** A user can access only the content and actions58- **Source-system permissions:** A user can access only the content and actions
59 allowed by the account or shared connection in the native application. See59 allowed by the account or shared connection in the native application. See
60 [Admin controls, security, and compliance in apps](https://help.openai.com/en/articles/11509118-admin-controls-security-and-compliance-in-apps-enterprise-edu-and-business).60 [Admin controls, security, and compliance in apps](https://help.openai.com/en/articles/11509118-admin-controls-security-and-compliance-in-apps-enterprise-edu-and-business).
61- **Approval and action restrictions:** For apps that support Action control,61- **Approval and action restrictions:** For connectors that support Action control,
62 admins can allow all actions, read-only actions, or a custom set and decide62 admins can allow all actions, read-only actions, or a custom set and decide
63 how newly added actions are handled. App permissions separately determine63 how newly added actions are handled. App permissions separately determine
64 when ChatGPT asks before using an app.64 when ChatGPT asks before using a connector.
65- **Credits:** ChatGPT Work and Codex share pricing, credits, and usage limits.65- **Credits:** Work mode and Codex share pricing, credits, and usage limits.
66 Eligible Enterprise and Edu admins can set monthly per-user limits through a66 Eligible Enterprise and Edu admins can set monthly per-user limits through a
67 workspace default, group defaults, and individual overrides. Users can67 workspace default, group defaults, and individual overrides. Users can
68 request increases when the workspace allows it. Business follows a separate68 request increases when the workspace allows it. Business follows a separate
79 79
80### How are access to data, systems, and user actions protected?80### How are access to data, systems, and user actions protected?
81 81
82Work is governed by the identity, access, and permission controls already82Work mode is governed by the identity, access, and permission controls already
83established in your ChatGPT workspace. Administrators use identity management,83established in your ChatGPT workspace. Administrators use identity management,
84[RBAC](https://help.openai.com/en/articles/11750701-rbac), and workspace roles84[RBAC](https://help.openai.com/en/articles/11750701-rbac), and workspace roles
85to determine who can use Work.85to determine who can use Work mode.
86 86
87Where supported, access can be synchronized with your identity provider through87Where supported, access can be synchronized with your identity provider through
88[SCIM](https://help.openai.com/en/articles/10011769-openai-platform-scim-integration-faq)88[SCIM](https://help.openai.com/en/articles/10011769-openai-platform-scim-integration-faq)
89and group synchronization. This lets you manage access and permissions centrally89and group synchronization. This lets you manage access and permissions centrally
90as employees join the organization, change roles, or leave.90as employees join the organization, change roles, or leave.
91 91
92Underlying source systems continue to enforce access to enterprise data. Work92Underlying source systems continue to enforce access to enterprise data. Work mode
93respects the permissions defined in connected applications, so users and agents93respects the permissions defined in connected applications, so users and agents
94can access only files, repositories, channels, records, and actions they are94can access only files, repositories, channels, records, and actions they are
95authorized to use. Work doesn't bypass existing access controls or grant new95authorized to use. Work mode doesn't bypass existing access controls or grant new
96permissions in connected systems.96permissions in connected systems.
97 97
98### How does Work access data and context?98<a id="how-does-work-access-data-and-context"></a>
99 99
100Work can use the current conversation, uploaded files, workspace resources, and100### How does Work mode access data and context?
101
102Work mode can use the current chat, uploaded files, workspace resources, and
101connected systems through plugins. Depending on enabled capabilities and103connected systems through plugins. Depending on enabled capabilities and
102permissions, this can include documents, repositories, tickets, channels,104permissions, this can include documents, repositories, tickets, channels,
103email, and calendars. Artifacts from earlier tasks or memory can be available105email, and calendars. Files from earlier chats or memory can be available
104when included in the current conversation or project, or when applicable106when included in the current chat or project, or when applicable
105workspace and user memory controls are enabled.107workspace and user memory controls are enabled.
106 108
107Each context source keeps its own controls: users supply conversation context,109Each context source keeps its own controls: users supply chat context,
108admins manage workspace resources, and connected systems enforce authentication110admins manage workspace resources, and connected systems enforce authentication
109and permissions. Work can access only information authorized for the user or an111and permissions. Work mode can access only information authorized for the user or an
110approved shared connection.112approved shared connection.
111 113
112Work inherits applicable ChatGPT workspace protections. Residency, retention,114Work mode inherits applicable ChatGPT workspace protections. Residency, retention,
113logging, and feature availability vary by plan, region, surface, and connected115logging, and feature availability vary by plan, region, surface, and connected
114system, so confirm coverage for your configuration.116system, so confirm coverage for your configuration.
115 117
141 143
142## Compliance144## Compliance
143 145
144### How does Work support enterprise privacy and data commitments?146<a id="how-does-work-support-enterprise-privacy-and-data-commitments"></a>
147
148### How does Work mode support enterprise privacy and data commitments?
145 149
146Work uses the privacy, security, and data commitments applicable to the150Work mode uses the privacy, security, and data commitments applicable to the
147customer's ChatGPT workspace, subject to plan, configuration, surface, feature,151customer's ChatGPT workspace, subject to plan, configuration, surface, feature,
148and region. For ChatGPT Enterprise, this includes152and region. For ChatGPT Enterprise, this includes
149[no training on business data by default](https://help.openai.com/en/articles/8983130-what-if-i-want-to-keep-my-history-on-but-disable-model-training),153[no training on business data by default](https://help.openai.com/en/articles/8983130-what-if-i-want-to-keep-my-history-on-but-disable-model-training),
155[data and inference residency guidance](https://help.openai.com/en/articles/9903489-data-residency-and-inference-residency-for-chatgpt)159[data and inference residency guidance](https://help.openai.com/en/articles/9903489-data-residency-and-inference-residency-for-chatgpt)
156and the customer's agreement for the features and regions in use.160and the customer's agreement for the features and regions in use.
157 161
158Connected applications have their own retention, logging, access, residency,162Connected services have their own retention, logging, access, residency, and
159and compliance requirements. When Work uses apps, repositories, or third-party163compliance requirements. When Work mode uses plugins, repositories, or third-party
160systems, evaluate both the ChatGPT workspace controls and the connected164systems, evaluate both the ChatGPT workspace controls and the connected
161system's controls.165system's controls.
162 166
167 171
168### What data is stored, retained, or deleted?172### What data is stored, retained, or deleted?
169 173
170Data retention and deletion for Work are governed by the ChatGPT workspace174Data retention and deletion for Work mode are governed by the ChatGPT workspace
171plan, administrative settings, and the capabilities in use. Retention can vary175plan, administrative settings, and the capabilities in use. Retention can vary
172across the information Work accesses. Data stored by ChatGPT follows the176across the information Work mode accesses. Data stored by ChatGPT follows the
173configured workspace retention policies, while connected applications continue177configured workspace retention policies, while connected applications continue
174to manage their own data and lifecycle policies. See178to manage their own data and lifecycle policies. See
175[Chat and file retention policies](https://help.openai.com/en/articles/8983778-chat-and-file-retention-policies-in-chatgpt).179[Chat and file retention policies](https://help.openai.com/en/articles/8983778-chat-and-file-retention-policies-in-chatgpt).
176 180
177Work can create conversation content, uploaded or generated files, artifacts,181Work mode can create chat content, uploaded or generated files, artifacts,
178and execution metadata. Codex tasks can also create repository or environment182and execution metadata. Codex chats can also create repository or environment
179metadata, command output, diffs, and logs. Check the current product and183metadata, command output, diffs, and logs. Check the current product and
180[Compliance API](https://learn.chatgpt.com/docs/enterprise/compliance-api) documentation for exact data184[Compliance API](https://learn.chatgpt.com/docs/enterprise/compliance-api) documentation for exact data
181classes, retention periods, and deletion paths.185classes, retention periods, and deletion paths.
235 239
236Governance spans three related but separate layers:240Governance spans three related but separate layers:
237 241
238- **Work access controls** determine who can use the personal Work agent on242- **Work mode access controls** determine who can use Work mode on
239 each surface.243 each surface.
240- **Workspace Agent controls** determine who can build, publish, share,244- **Workspace Agent controls** determine who can build, publish, share,
241 schedule, or configure reusable agents and shared connections.245 schedule, or configure reusable agents and shared connections.
245 249
246Managed configuration constrains supported runtime behavior. It doesn't grant250Managed configuration constrains supported runtime behavior. It doesn't grant
247workspace access, replace RBAC, or revoke a user's workspace access. These251workspace access, replace RBAC, or revoke a user's workspace access. These
248layers aren't one uniform Work policy surface. Analytics and compliance logs252layers aren't one uniform Work mode policy surface. Analytics and compliance logs
249provide additional visibility within their documented product and event253provide additional visibility within their documented product and event
250scopes.254scopes.
251 255
262 266
263### Can access be scoped by group, role, workspace, or capability?267### Can access be scoped by group, role, workspace, or capability?
264 268
265Yes. Work capabilities can be scoped with workspace roles, identity groups,269Yes. Work mode capabilities can be scoped with workspace roles, identity groups,
266and administrator-defined permissions. Assign capabilities to groups based on270and administrator-defined permissions. Assign capabilities to groups based on
267business need and organizational policy instead of giving every user identical271business need and organizational policy instead of giving every user identical
268access. See the272access. See the
269[RBAC guide](https://help.openai.com/en/articles/11750701-rbac) and this273[RBAC guide](https://help.openai.com/en/articles/11750701-rbac) and this
270[RBAC walkthrough](https://vimeo.com/1207482321/d1286e4467?share=copy&fl=sv&fe=ci).274[RBAC walkthrough](https://vimeo.com/1207482321/d1286e4467?share=copy&fl=sv&fe=ci).
271 275
272Organizations can use RBAC to determine which users can access Work, manage276Organizations can use RBAC to determine which users can access Work mode, manage
273workspace settings, configure approved plugins, or build and publish Workspace277workspace settings, configure approved plugins, or build and publish Workspace
274Agents. For eligible Enterprise and Edu workspaces, monthly usage limits can278Agents. For eligible Enterprise and Edu workspaces, monthly usage limits can
275support a phased rollout through a workspace default, group defaults, and user279support a phased rollout through a workspace default, group defaults, and user
276overrides.280overrides.
277 281
278Access to connected systems remains independently governed. Scope apps, shared282Access to connected systems remains independently governed. Scope plugins, shared
279credentials, repositories, and write-capable actions to the minimum required283credentials, repositories, and write-capable actions to the minimum required
280audience using workspace permissions, app settings, and the source system's284audience using workspace permissions, plugin settings, and the source system's
281controls. For higher-trust environments, use managed policies to restrict285controls. For higher-trust environments, use managed policies to restrict
282runtime capabilities further.286runtime capabilities further.
283 287
284### How are runtime and network boundaries governed?288### How are runtime and network boundaries governed?
285 289
286The security boundaries for Work depend on the task. A conversational task, a290The security boundaries for Work mode depend on the task. A chat in Chat mode, a
287connected workflow, a scheduled task, and a Codex task can run in different291connected workflow, a scheduled task, and a Codex chat can run in different
288environments with different permissions, tools, and network access.292environments with different permissions, tools, and network access.
289 293
290Govern each execution environment through its applicable controls. Work294Govern each execution environment through its applicable controls. Work mode
291permissions on web and mobile govern access to Work and supported browser or295permissions on web and mobile govern access to Work mode and supported browser or
292network capabilities. Search, apps, plugins, Workspace Agents, and296network capabilities. Search, plugins, Workspace Agents, and
293source-system permissions remain separate controls. Desktop and Codex tasks297source-system permissions remain separate controls. Desktop and Codex chats
294follow Codex permissions, managed configuration, MCP policy, sandboxing, and298follow Codex permissions, managed configuration, MCP policy, sandboxing, and
295approval controls. These controls aren't interchangeable.299approval controls. These controls aren't interchangeable.
296 300
297For Codex activity, local runs in the ChatGPT desktop app, CLI, and IDE execute301For Codex activity, local runs in the ChatGPT desktop app, CLI, and IDE execute
298on the user's machine with operating-system sandboxing and approval policies.302on the user's machine with operating-system sandboxing and approval policies.
299Codex cloud runs tasks in isolated OpenAI-managed environments. Enterprise303Codex cloud runs chats in isolated OpenAI-managed environments. Enterprise
300administrators can use managed requirements to constrain permission profiles,304administrators can use managed requirements to constrain permission profiles,
301approvals, filesystem and network access, MCP servers, hooks, command rules,305approvals, filesystem and network access, MCP servers, hooks, command rules,
302and other supported runtime behavior.306and other supported runtime behavior.
303 307
304## Usage and cost308## Usage and cost
305 309
306### How does Work usage translate into spend over time?310<a id="how-does-work-usage-translate-into-spend-over-time"></a>
311
312### How does Work mode usage translate into spend over time?
307 313
308[ChatGPT Work and Codex share pricing, credits, and usage limits](https://learn.chatgpt.com/docs/pricing).314[Work mode and Codex share pricing, credits, and usage limits](https://learn.chatgpt.com/docs/pricing).
309Consumption varies with the model and capability, context size, task duration,315Consumption varies with the model and capability, context size, task duration,
310tool use, and output size. Standard Chat usage is separate.316tool use, and output size. Standard Chat usage is separate.
311 317
312The highest-variance patterns are often workflows that run frequently,318The highest-variance patterns are often workflows that run frequently,
313retrieve or process large amounts of information, call multiple tools or apps,319retrieve or process large amounts of information, call multiple tools or connectors,
314retry after failures, or produce large artifacts. Cost-sensitive examples320retry after failures, or produce large artifacts. Cost-sensitive examples
315include scheduled or recurring work, high-volume triggers, large files, broad321include scheduled or recurring work, high-volume triggers, large files, broad
316retrieval across enterprise sources, repeated app calls, and Codex tasks that322retrieval across enterprise sources, repeated connector calls, and Codex chats that
317process repositories, run commands, or use cloud environments.323process repositories, run commands, or use cloud environments.
318 324
319Use spend controls, usage analytics, and reporting to monitor these patterns325Use spend controls, usage analytics, and reporting to monitor these patterns
359 365
360### How can admins stop access or activity?366### How can admins stop access or activity?
361 367
362Admins can need to stop users, apps, shared credentials, workflows, schedules,368Admins can need to stop users, plugins, shared credentials, workflows, schedules,
363or Codex credentials during user removal or incident review.369or Codex credentials during user removal or incident review.
364 370
365Revocation paths include:371Revocation paths include:
367- Remove a user's workspace or group access. For SCIM-managed users, remove373- Remove a user's workspace or group access. For SCIM-managed users, remove
368 access at the identity provider; otherwise, a later synchronization can374 access at the identity provider; otherwise, a later synchronization can
369 provision the user again.375 provision the user again.
370- Disable or restrict the relevant app.376- Disable or restrict the relevant plugin or connector.
371- Revoke a shared connection, bot, or service account through its owning377- Revoke a shared connection, bot, or service account through its owning
372 surface. Workspace owners and admins can separately revoke Codex workspace378 surface. Workspace owners and admins can separately revoke Codex workspace
373 access tokens.379 access tokens.
394 400
395## Recommended admin actions401## Recommended admin actions
396 402
397- **Confirm who should have access first.** Decide whether to keep Work off,403- **Confirm who should have access first.** Decide whether to keep Work mode off,
398 run a pilot, or roll out broadly. Many organizations start with power users,404 run a pilot, or roll out broadly. Many organizations start with power users,
399 champions, or teams with clear use cases.405 champions, or teams with clear use cases.
400- **Review roles and permissions.** In **Permissions & roles**, confirm which406- **Review roles and permissions.** In **Permissions & roles**, confirm which
401 users or groups can access Work. Match access to business need, readiness,407 users or groups can access Work mode. Match access to business need, readiness,
402 and governance expectations.408 and governance expectations.
403- **Review connected apps and data sources.** Work is most useful with approved409- **Review plugins and data sources.** Work mode is most useful with approved
404 business context such as files, email, calendars, Slack, or CRM. Review410 business context such as files, email, calendars, Slack, or CRM. Review
405 enabled apps, their audiences, and whether app policies still match how users411 enabled plugins, their audiences, and whether connector policies still match how users
406 should delegate work.412 should delegate work.
407- **Set expectations for appropriate use cases.** Position Work for multi-step,413- **Set expectations for appropriate use cases.** Position Work mode for multi-step,
408 higher-value tasks such as research, synthesis, analysis, file creation,414 higher-value tasks such as research, synthesis, analysis, file creation,
409 workflow updates, and reusable outputs. Use Chat for quick questions,415 workflow updates, and reusable outputs. Use Chat mode for quick questions,
410 light rewrites, or brainstorming.416 light rewrites, or brainstorming.
411- **Review credit and usage controls.** Because Work can perform longer-running417- **Review credit and usage controls.** Because Work mode can perform longer-running
412 tasks, it can use more credits than a standard Chat conversation. Review418 tasks, it can use more credits than a standard chat in Chat mode. Review
413 defaults, group defaults, user overrides, and internal guidance about419 defaults, group defaults, user overrides, and internal guidance about
414 matching effort to business value.420 matching effort to business value.
415- **Identify your first high-value workflows.** Start with clear, reviewable421- **Identify your first high-value workflows.** Start with clear, reviewable