Invitations
Invitations are how trusted identities become users inside your tenant: they bind an email address to a role, respect SSO requirements, and create an auditable trail of who brought someone into the system. This guide walks through sending, resending, and revoking invitations, plus common failure modes when WorkOS or your IdP enforces domain rules.
HR-adjacent admins and IT partners coordinating onboarding should keep this page handy during hiring season.
Overview
Section titled “Overview”Always pick the least privilege role that matches day-one responsibilities; escalate later with documented changes rather than over-inviting as “easier.” Confirm whether your organization requires SSO-only access so invitations do not strand new hires on the wrong authentication path.
If an invite bounces or expires, diagnose email delivery and IdP provisioning before spamming retries—duplicate invites confuse audit narratives. Advanced topics like SCIM provisioning will be linked here as they become generally available.