Organization settings
The Organization page in the admin area holds the controls reserved for the Super Admin: the login-domain registry and the danger zone. Day-to-day policy settings — approval policy, reporting timezone, and similar — live on the separate Governance page instead.
Register a login domain (auto-join)
Section titled “Register a login domain (auto-join)”Once your company’s email domain is registered and verified, anyone who logs in with an email at that domain is automatically added to your organization at a role you choose — no invites needed.
- Open the Registered domains section. Your own login-email domain is shown under Your domain — you can only register the domain of your own email address, and public providers such as gmail.com are rejected.
- Choose the default role under New members join as: Read-only (this dropdown’s name for the User Read-Only role), User, or Admin.
- Click Register domain. A verification email is sent to your own address, and the domain row shows a Pending chip.
- Click the link in the email. It is valid for 72 hours — use the row’s Resend button if it expires. On success the row flips to Active: “auto-join is now active.”
What auto-join does — and doesn’t:
- New logins at the domain join at the default role. An existing member’s role is never changed.
- Matching is exact — subdomains don’t count.
- A domain can be active in only one organization.
- Remove stops future auto-joins only: “Members who already joined this way keep their access — only future logins are affected.”
Change the default role at any time with the row’s joins as dropdown. To adjust an individual member afterwards, use Users & Access.
Danger zone: delete the organization
Section titled “Danger zone: delete the organization”- Click Delete organization in the Danger zone card.
- Type the organization’s name exactly to enable the button.
- Confirm. The organization shuts down immediately — every member is locked out on their next action — and the permanent purge follows after the cooling-off window.
This action can only be performed from a logged-in browser session — it is deliberately unreachable through API tokens, even full-access ones.