# Restrict account creation

{!owner-only.md!}

Each Zulip account is associated with an email address. If your organization
allows multiple authentication methods, it doesn't matter which one is used to
create an account. All authentication methods will work for all users in your
organization, provided that they are associated with the account email. To log
in with email, users are required to verify their email account by clicking on a
validation link.

Zulip provides a number of configuration options to control who can create a new
account and how users access their accounts:

* You can [require an invitation](#set-whether-invitations-are-required-to-join)
  to sign up (default), or you can [allow anyone to
  join](#set-whether-invitations-are-required-to-join) without an invitation.

* You can [restrict the ability to invite new users](#change-who-can-send-invitations) to
 join your Zulip organzation to specific [roles](/help/roles-and-permissions).

Regardless of whether invitations are required, you can:

* [Configure allowed authentication
  methods](/help/configure-authentication-methods).

* [Restrict sign-ups to a fixed list of allowed
  domains](#restrict-sign-ups-to-a-list-of-domains)
  (including subdomains). For example, you can require users to sign up with
  the email domain for your business or university.

* Disallow signups with known [disposable email
  address](https://en.wikipedia.org/wiki/Disposable_email_address). This
  is recommended for open organizations to help protect against abuse.

## Set whether invitations are required to join

{start_tabs}

{settings_tab|organization-permissions}

1. Under **Joining the organization**, toggle **Invitations are required for
   joining this organization**.

{!save-changes.md!}

{end_tabs}

## Change who can send invitations

{start_tabs}

{settings_tab|organization-permissions}

1. Under **Joining the organization**, configure
   **Who can send email invitations to new users** and
   **Who can create reusable invitation links**.

{!save-changes.md!}

{end_tabs}

## Configuring email domain restrictions

### Restrict sign-ups to a list of domains

{start_tabs}

{settings_tab|organization-permissions}

1. Set **Restrict email domains of new users?** to
   **Restrict to a list of domains**.

1. Click **Configure** to add any number of domains. For each domain, you can
   toggle **Allow subdomains**.

1. When you are done adding domains, click **Close**.

{!save-changes.md!}

{end_tabs}

### Don't allow disposable domains

{start_tabs}

{settings_tab|organization-permissions}

1. Set **Restrict email domains of new users?** to
   **Don't allow disposable emails**.

{!save-changes.md!}

{end_tabs}

### Allow all email domains

{start_tabs}

{settings_tab|organization-permissions}

1. Set **Restrict email domains of new users?** to
   **No restrictions**.

{!save-changes.md!}

{end_tabs}

## Related articles

* [Configure authentication methods](/help/configure-authentication-methods)
* [Invite new users](/help/invite-new-users)
* [Set default streams for new users](/help/set-default-streams-for-new-users)
* [Configure default new user settings](/help/configure-default-new-user-settings)