zulip/templates/zerver/help/restrict-account-creation.md

122 lines
3.4 KiB
Markdown

# Restrict account creation
{!admin-only.md!}
Each Zulip account is associated with an email address. If your organization
allows multiple authentication methods, it doesn't matter which one is used to
create an account. All authentication methods will work for all users in your
organization, provided that they are associated with the account email. To log
in with email, users are required to verify their email account by clicking on a
validation link.
Zulip provides a number of configuration options to control who can create a new
account and how users access their accounts:
* You can [require an invitation](#set-whether-invitations-are-required-to-join)
to sign up (default), or you can [allow anyone to
join](#set-whether-invitations-are-required-to-join) without an invitation.
* You can [restrict who can invite users](#change-who-can-send-invitations) to
your organization. To protect your organization, creating *reusable* invite
links is always limited to administrators.
Regardless of whether invitations are required, you can:
* [Configure allowed authentication
methods](/help/configure-authentication-methods).
* [Restrict sign-ups to a fixed list of allowed
domains](#restrict-sign-ups-to-a-list-of-domains)
(including subdomains). For example, you can require users to sign up with
the email domain for your business or university.
* Disallow signups with known [disposable email
address](https://en.wikipedia.org/wiki/Disposable_email_address). This
is recommended for open organizations to help protect against abuse.
## Set whether invitations are required to join
{start_tabs}
{settings_tab|organization-permissions}
1. Under **Joining the organization**, toggle **Invitations are required for
joining this organization**.
{!save-changes.md!}
{end_tabs}
## Change who can send invitations
{!owner-only.md!}
You can restrict the ability to invite new users to join your Zulip organization
to specific [roles](/help/roles-and-permissions). To protect your organization,
while permission to send out individual email invitations is configurable, creating
*reusable* invitation links is always limited to administrators.
{start_tabs}
{settings_tab|organization-permissions}
1. Under **Joining the organization**, configure
**Who can invite users to this organization**.
{!save-changes.md!}
{end_tabs}
## Configuring email domain restrictions
### Restrict sign-ups to a list of domains
{start_tabs}
{settings_tab|organization-permissions}
1. Set **Restrict email domains of new users?** to
**Restrict to a list of domains**.
1. Click **Configure** to add any number of domains. For each domain, you can
toggle **Allow subdomains**.
1. When you are done adding domains, click **Close**.
{!save-changes.md!}
{end_tabs}
### Don't allow disposable domains
{start_tabs}
{settings_tab|organization-permissions}
1. Set **Restrict email domains of new users?** to
**Don't allow disposable emails**.
{!save-changes.md!}
{end_tabs}
### Allow all email domains
{start_tabs}
{settings_tab|organization-permissions}
1. Set **Restrict email domains of new users?** to
**No restrictions**.
{!save-changes.md!}
{end_tabs}
## Related articles
* [Configure authentication methods](/help/configure-authentication-methods)
* [Invite new users](/help/invite-new-users)
* [Set default streams for new users](/help/set-default-streams-for-new-users)
* [Configure default new user settings](/help/configure-default-new-user-settings)