I’d like to suggest a change to the team settings behavior.
Currently, the “Restrict invites to approved domains” option cannot be enabled unless “Auto-join for approved domains” is turned on first. They appear to be coupled, with the restriction setting requiring auto-join to be active.
However, my use case is to restrict invitations to specific domains (e.g., company.com) without allowing auto-join. I want users from approved domains to still go through an approval process or be added manually, rather than automatically joining the team.
It would be great if these two settings could be independent:
One toggle for “Restrict invites to approved domains”
A separate toggle for “Auto-join for approved domains”
This would give teams more flexibility to enforce domain-based invitation restrictions while keeping control over who actually joins.
Hi Cursor Team
I’d like to build on this suggestion with two additional feature requests that address a broader access control gap:
Restrict invite permissions to admins only
Currently, all team members — not just admins — can send invitations to new users. For organizations managing
licensed seats and access policies, this creates significant governance challenges. We believe the ability to invite
new members should be an admin-only privilege.
Introduce an admin approval step for incoming members
Beyond controlling who can send invites, we would also like to see an approval workflow where invited users do not
gain immediate access upon accepting an invitation. Instead, an admin should be required to review and approve each
new member before they are added to the team.
Together with the domain restriction decoupling proposed above, these changes would provide organizations with the
level of access control expected in an enterprise team management tool — ensuring that team composition remains
fully under administrative oversight.
We appreciate the Cursor team’s consideration of these improvements.