Got it, thank you for the clarification. We are Enterprise but not using single sign on currently. This is good to know to help us get there though!
The suggested IDP workaround is just that, a workaround, and it creates significant operational friction for Enterprise+ environments. Shifting this invitation requirement to internal IAM teams to manually manage a static subgroup—simply to replicate a missing native toggle—introduces unnecessary administrative overhead. It makes everything clumsy and creates a fractured onboarding experience when access is eventually revoked. Years have passed since this was raised in this forum and it’s shocking Asana takes such a cavalier stance on this. Hands down, native RBAC for invitation rights ought to be standard at this Enterprise+ tier. It is on similar platforms. I am equally surprised that the current customer service response is unapologetic and necessitates high-touch manual intervention from clients to maintain institutional governance.