Skip to main content
can allow new to join via explicit email invitation or just-in-time (JIT) provisioning. The right solution depends on the Organization’s use case:
  • To reduce friction to joining an Organization, is a simple way to ensure that new Members are added to their company’s Organization as soon as they authenticate.
  • If admins of your product need more control over who gets access to their Organization, they may want to restrict to email invites, or JIT provisioning by a specific OAuth tenant.
Often, the right solution will vary by Organization. To learn about how to enable Organizations to manage their own provisioning settings, see the Admin Portal guide.

Inviting Members via email

Enable inviting Members via email to allow Organization Members to invite new Members to the Organization via email invitation. Using the Update Organization endpoint:
  • Set email_invites to either:
    • RESTRICTED to allow specific email domains to be invited to the Organization
    • ALL_ALLOWED to allow any email domain to be invited to the Organization
  • If RESTRICTED, specify which email domains should be allowed with email_allowed_domains.
curl --request PUT \
  --url https://api.stytch.com/v1/b2b/organizations/{organization_id} \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '{
    "email_invites": "RESTRICTED",
    "email_allowed_domains": ["companyname.com"],
  }'
Stytch disallows setting certain common email domains on the email_allowed_domains array:
  • gmail
  • aol
  • yahoo
  • icloud
  • hotmail
  • msn
  • comcast
  • live
  • outlook
  • att
  • earthlink
  • me
  • mac
  • sbcglobal
  • verizon
  • ig
  • mail
  • hey
  • laposte
  • wanadoo
  • googlemail
  • orange
  • rediffmail
  • uol
  • bol
  • free
  • gmx
  • yandex
  • ymail
  • libero