Insomnia logo
  • Documentation
  • Get Started for Free
    • Introduction to Insomnia
    • Install Insomnia
    • Send Your First Request
    • Import and Export Data
    • Environment Variables
    • Global Environments
    • Insomnia Accounts
    • Forgotten Passphrase
    • Managing E2EE (End-to-End Encryption)
    • Organizations
    • Enable Enterprise membership
    • Configuring EE SSO
    • Integrating Insomnia Enterprise with Okta SAML 2.0
    • Integrating Insomnia Enterprise with Okta OpenID Connect
    • Integrating Insomnia Enterprise with Microsoft Azure/Entra ID SAML 2.0
    • Insomnia Whitelisting Guide for Enterprise Users
    • Transfer enterprise organizations and license
    • Configuring SCIM
    • Multiple Owners
    • Manage Domains
    • Invite Controls
    • Storage Controls
    • Session Report
    • Insomnia Subscriptions
    • Insomnia Subscription Management
    • Scratch Pad Tutorial
    • Requests
    • Responses
    • Request Collections
    • Request Timeouts
    • Chaining Requests
    • Post CSV Data
    • SOAP Requests
    • gRPC
    • WebSocket Support
    • Get Started with Documents
    • Design Documents
    • Linting
    • GraphQL for OpenAPI
    • Migrate from Designer
    • Unit Testing
    • Stress Testing
    • Insomnia Storage Options Guide
    • Sync with Insomnia Cloud
    • Sync with Git
    • Key Security Features
    • Security Standards
    • Signup and Authentication
    • Analytics Collected
    • End to End Data Encryption
    • Software Bill of Materials
    • Verifying Build Provenance for Signed Insomnia Binaries
    • Authentication
    • Client Certificates
    • Collection Runner
    • Generate Code Snippet
    • Cookie Management
    • Encoding
    • GraphQL Queries
    • Run in Insomnia Button
    • Key Maps
    • Proxy
    • Folder-level settings
    • Introduction to Plugins
    • Context Object Reference
    • Template Tags
    • Hooks and Actions
    • Custom Themes
    • AI Runner
    • FAQ
    • Application Data
    • SSL Validation
    • Password Recovery
    • Introduction to Inso CLI
    • Install Inso CLI
    • CLI Command Reference
      • inso run test
      • inso run collection
      • inso lint spec
      • inso export spec
      • inso script
      • Using Custom Linting with Inso CLI
    • Configuration
    • Inso CLI on Docker
    • Software Bill of Materials
    • Verifying Signatures for Signed Inso CLI Images
    • Verifying Inso CLI Build Provenance
      • Verifying Build Provenance for Signed Inso CLI Images
      • Verifying Build Provenance for Signed Inso CLI Binaries
    • Continuous Integration
    • Insomnia Pre-request Script Overview
    • Insomnia After-Response Script Overview
    • Secret Environment Variables
    • External Vault Integration (Enterprise feature)
    • Insomnia API Mocking Overview
    • Enterprise Login Report

Invite Controls

Note: This feature is only available for Enterprise subscriptions.

Invite controls - intro

To access it, an enterprise owner needs to go into their Enterprise Controls and then into Invite Controls.

With the new Invite Control enterprise capability, you can now determine which domains are allowed to be invited to work on your organizations and projects. This ensures that external users aren’t mistakenly invited.

While the decision to invite someone is still entirely under the control of the organization’s admins, setting up Invite Control rules further ensures that only approved domains can be added to your projects, collections, and design specs. For example, if an admin mistakenly invites someone they shouldn’t have (such as a user with a personal email address instead of a corporate email), Invite Control can catch the error immediately and prevent the invite from being sent.

The capability to invite users to an organization can be entirely disabled with the Invite Control feature as well.

Invite control - starting point

When configuring domains that are allowed for invites across your organization, or on a specific organization, you can choose between the following options:

  • All domains: Any domain will be permitted for invites.
  • Only verified domains: Only domains that you previously added to your Domains setup will be permitted for invites.
  • Custom domains: Domains that you define specific to one or more organizations, which don’t necessarily need to be added to your Domains setup.

Invite control - allowed domains menu

Once you set up the domain rules for invites according to your preferences for each organization in your enterprise, you may also see users who are not in compliance with the rules you defined (e.g., their email domains are not part of the settings you chose). In those cases, you’ll be shown an option in the list of organizations within the Invite Controls menu to remove the users (both members and pending invites) that are not in compliance with the defined invite rule.

Invite control - setup example

This capability, in addition to Storage Control and the many other enterprise governance, compliance, and security capabilities in Insomnia, helps to ensure that your API assets are always secure and accessible only by authorized individuals in your organization.

Edit this page
Report an issue
    COMPANY
  • Insomnia
  • Blog
  • Changelog
  • Pricing
  • Careers
    PRODUCTS
  • Insomnia
  • Inso (CLI)
    RESOURCES
  • Sign In
  • Documentation
  • Support
    LEGAL
  • Privacy Policy
  • Terms & Conditions
© Kong Inc. 2021