Whenever a new user from an approved domain logs into our Monday.com space they are granted a member level license. We do want people to have to use SSO to login/validate, but do not want the system to grant a member level license by default. Switching the default to View-Only seems like the easiest fix, but perhaps creating a “pending approval” option is easier for the platform.
I don’t know which is the quickest/easiest way to solve the issue, but having to monitor the account for mystery SSO joiners every day is not very enjoyable.
You’ll want to investigate the SCIM provisioning capabilities. This lets you set up the provisioning of users into “groups” in your directory service (assuming Entra ID/Azure ID/OneLogin/OKTA, etc.) which get to be different user types in monday. You’d then assign users access to different roles in your directory service rather than monday itself. This lets you make people viewers. This way, app requests can be processed through normal corporate processes to request a license.
This option requires Enterprise, which I think is the same as for SSO with SAML.