Hey Asana,
I’m currently the Manager of IT Infrastructure at a 600+ user SaaS startup and we use Asana Enterprise for a subset of our teams.
I’ve been getting frequent messages from our account rep trying to upgrade our seat count since we seemingly keep going over. This led me to dig into Asana usage and how users are getting into our account.
We pay for Enterprise to use SSO/SCIM through Okta to control user access to Asana, like we do for nearly every other SaaS product in our stack.
Asana currently does not allow Enterprise Customers to disable users from inviting each other to the account. So even with access controls set up at the Okta level, these are being bypassed by end users who are inviting each other. What makes this especially unsavory is receiving notifications to buy more seats on our account due to pending invites (that we don’t want authorized in the first place) under the explanation that "This means that should these invited users accept their invitations, you will fall into overage."
We have our Asana account as locked down as it possibly can be according to their documentation, but there is a wide open gap for other users to invite each other.
Support will tell you that if the users are not assigned the app in our Okta they won’t have a license provisioned, which normally I’d agree with and have no issues. However, using these pending invites as a premise to charge for more seats is growth hacking at its most egregious.
Asana needs to allow Enterprise customers to disable the ability for users with no admin permission to invite each other to their platform. They have the capability to do so, as shown by the feature to disable guest invites, but the feature is conveniently missing for paid seats.
This is not a new issue either, it seems, as seen in this Asana forum post as well as this thread.
I was encouraged to make a post on the forums by the support VIP Team. I’d love to hear if any other business owners, administrators, or IT staff have similar experiences.