Does enforcing SSO via Okta prevent users from being added/invited by members?

Hello all!

After seeing that Asana doesn’t have a way to prevent current users from inviting other team members (which makes seat management an unmitigated nightmare), I’ve decided to enforce SSO login. I’ve read multiple posts that say “you can train your people on the use,” which I have and will continue to do. Anyone who works in a company knows that that doesn’t solve a situation like this where there’s no roadblock to them inviting people other than “hi, we asked you not to do this.”

Given the nature of Okta, they would need the tile in Okta to access Asana but I’m curious how it works on the Asana side.

Any insight is appreciated.

Thanks!

1 Like

Hi @Emily_Rose,

Thanks for the post! I am not that familiar with this capability within Asana, but I have attached an article that talks about the different login capabilities provided. One I would bring attention to is the SAML, which addresses your issues with OKTA.

Hope this helps!

Hi.

I am a user of Asana and Okta.
When I access Asana, Then redirected to Okta.

Hi @Emily_Rose ! Jumping in to commiserate. I can’t speak to Okta but we experienced the same challenge and implemented SSO. Our goal was to put a guardrail in place to stop users from being able to invite new users. Not everyone has finance approval to use the platform, yet.

With SSO in place, unless a user is added to the Azure security group they are unable to authenticate to accept the invite and remain as pending invite in the admin console. Even with SSO in place, we are struggling with enforcing the idea that only admins should be adding users. When users are added to Asana and can’t access it, that creates IT tickets for our team and a lot of work we simply don’t have resources for.

That said, I would heavily +1 the idea of Asana removing the Invite Teammates button from the sidebar and anywhere outside of the Admin console. This should be applied to all managed/paid instances (especially enterprise!) This would remove a lot of the admin work about work where member management is concerned. Or at least let super admins customize what that button does on click - for example: put a redirect to a form/request process or landing page that explains how for our company users can request a license.

There are solutions like Okta and also SCIM which automate the provisioning of licenses which we are exploring as well. But until that Invite Teammates button goes away I think this issue will remain.

Good luck and keep us posted on how this evolves with your team.

2 Likes