User invite control for Enterprise accounts

Hey Asana,

I’m currently the Manager of IT Infrastructure at a 600+ user SaaS startup and we use Asana Enterprise for a subset of our teams.

I’ve been getting frequent messages from our account rep trying to upgrade our seat count since we seemingly keep going over. This led me to dig into Asana usage and how users are getting in to our account.

We pay for Enterprise to use SSO/SCIM through Okta to control user access to Asana, like we do for nearly every other SaaS product in our stack.

Asana currently does not allow Enterprise Customers to disable users from inviting each other to the account. So even with access controls set up at the Okta level, these are being bypassed by end users who are inviting each other. What makes this especially unsavory is receiving notifications to buy more seats on our account due to pending invites (That we don’t want authorized in the first place) under the explanation that "This means that should these invited users accept their invitations, you will fall into overage. ".

We have our Asana account as locked down as it possibly can be according to their documentation, but there is a wide open gap for other users to invite each other.

Support will tell you that if the users are not assigned the app in our Okta they won’t have a license provisioned, which normally I’d agree with and have no issues. However, using these pending invites as a premise to charge for more seats is growth hacking at it’s most egregious.

Asana needs to allow Enterprise customers to disable the ability for users with no admin permission to invite each other to their platform. They have the capability to do so, as shown by the feature to disable guest invites but the feature is conveniently missing for paid seats.

This is not a new issue either it seems as seen in this Asana forum post as well as this thread.

I was encouraged to make a post on the forums by the support VIP Team. I’d love to hear if any other business owners, administrators, or IT staff have similar experiences.

Thanks for sharing, ccing my colleagues who might be interested @Julien_RENAUD @Arthur_BEGOU

2 Likes

Welcome, @Michael_B_IT,

Don’t forget to vote at the top of the thread (even though you originated it, you should still vote). I did.

Thanks,

Larry

1 Like

Thanks, as Asana experts I’d love to hear your insight on the subject.

Control over end user ingress and egress is one of the most important things to modern day enterprise companies that are beholden to regulations, certifications, audits.

Having loose controls for such an expensive piece of software is a hard sell come renewal time, no matter how wonderful the actual tool is to use.

I understand, I am raising this issue to Asana directly as well to get an answer.

1 Like

Any word from Asana?

It was confirmed to me that this topic is often raised and discussed. So this is definitely on their radar.

1 Like

Slightly worrying that they’re aware of the issue and that it is raised often but have not addressed it for quite a long time if the forum posts I linked are any indication.