This isn't currently supported, but I think it's reasonable to implement. Behavior would roughly be something like this:

• An instance administrator adds a whitelisted mail domain to the instance (mycompany.com).
• We probably need to approve these? Or maybe you just have to get us to do it on your behalf for now? Seems potentially bad if someone adds gmail.com as a whitelisted domain -- this wouldn't actually do anything bad, but could be pretty confusing for new users.
• Anyone who verifies an account at the domain is automatically added to the instance as a member.

Does that sound roughly like what you're after?

Yep, that sounds pretty much perfect.

Is there any workaround I could do with invites right now? Like a multi-use invite link?

There isn't really much of a workaround available at the moment, but I think we can get the feature deployed in some reasonable form by later today.

That would be awesome! I've shown Phabricator (Differential specifically) to a few people and used it for some changes. They've basically gone crazy about how awesome it is (they've only known github PRs). I'd like to have them start spreading the word virally in the org without me. Something like a multi-use invite link would work well for that, although are certainly other approaches. Thanks!

This is now deployed to the cluster and I've updated the configuration for your instance. You should be able to see the domain on your instance page, and the configuration change in the transaction log in case I spelled it wrong or something silly like that.

Here's how it works for now:

• Currently, we (Phacility) have to edit the domains associated with your instance for you, so let us know if you want more/different domains. We could make this user-editable eventually, I just want to avoid someone adding gmail.com by mistake or because they are very clever.
• When a user verifies an email address at a domain associated with your instance, they should automatically be invited to the instance. In particular, it will appear on their homepage console and logins will work.

Because we don't require verification to browse admin.phacility.com, the login workflow isn't as smooth as it could be right now. Specifically, between the time a user registers with their @mycompany.com address and tries to login to mycompany.phacility.com, they won't get a UI hint telling them that they need to verify, and the "you can't login" error won't point them at this remedy. I've made some notes to improve this in T7173 (basically: tell them to verify their address if doing so would allow them to log in). In the meantime, instructions for users would be something like:

• Register on admin.phacility.com with your @mycompany.com address.
• Check your mail and verify your address! You won't be able to login until you do.
• After verifying, login at mycompany.phacility.com.

We can attack T7173 on the sooner-rather-than-later side if this causes friction in practice, the error is just on the general-purpose open-source Phabricator side of the codebase rather than the proprietary SAAS-specific Phacility side so adding hooks is a little bit more involved.

If a user has already signed with another address (say, a personal address), they can use Settings → Email Addresses to add a @mycompany.com address. As soon as they verify it they'll get invited to the instance.

And obviously this is brand new, so let us know if you run into issues or it doesn't solve your problem or whatever else.

Thanks for the quick turnaround! Just went through it with a couple of people and seems to be working great.