Block Domain User without Invite / Admin Confirmation

Hi Asana please take care urgently: any user, with an email of an organization (domain), may enter in Asana, linked to organization, even if he hasn’t an invite.

Hi @Riccardo_Mares :wave:t3:

This is an expected behaviour! Anyone in org with a email address can automatically join your Organisation. If some of your colleagues don’t know Asana you can invite them to join, but this is also something they can do on their own :slight_smile: More info in this guide article: Setting up an organization in Asana | Product guide • Asana Product Guide

Hope this helps!

Sorry but I see it as a security bug.
You can’t relate a partecipation to a project management tool with the membership.

For company with a limited user plan, every time someone is added to a project (for error) it automatically enter in the Asana Organization of that domain.

I think the best thing you can do it’s to add an optional control “Admins need to confirm a new organization member”.



I believe they will get added but then you get a warning you are over the limit for a few days, giving you a chance to remove that person (or others).

Yes I know, but it’s a palliative.
It’s sad to hear from Asana that it’s an “expected behavior”, as if really ASANA thinks that every member of a company has the right to access to the project management tool of the same company!

After more than 2 years, this task is still pending.
It’s incredible a system as Asana continues to permit users with an email based on the “company domain” (set in Asana) can enter without any authorization by the admins!

Really are you not able to add a fu**ing option on the workspace setting “require admin confirmation to create a new user” here:

Or you don’t plan it, because so you can obtain new unaware paid users, with a big security bug?

1 Like

I’m with you. I complain about this to our Customer Success person every time we talk. As an Admin, it’s such a huge pain since everyone in our org is not ‘allowed’ to have a license, but I can’t control it so have to constantly audit it to keep our license count down. It’s so time consuming.

I hate that Asana does it as a way to drive more revenue and it feels like we’re just getting beaten down to increase our license count, even though not everyone needs a license. As a non-profit, we’re very focused on keeping costs down and every license has to be accounted for.