Skip to content
InPolicy InPolicy Docs

Sign in for the first time

InPolicy never asks you to create a password. You sign in either through your work identity provider (Google Workspace or Microsoft Entra) or by accepting an email invitation from your admin.

Option 1: SSO (Google Workspace or Microsoft Entra)

Section titled “Option 1: SSO (Google Workspace or Microsoft Entra)”

Your admin has connected your organization’s identity provider. Sign-in is a redirect:

  1. Go to your tenant URL — usually https://app.inpolicy.ai or a subdomain your admin provided.
  2. Click Sign in with Google or Sign in with Microsoft.
  3. Approve the OAuth consent prompt the first time (your admin already approved the app for the organization; your personal consent covers profile and email scopes).
  4. You’ll be redirected back to InPolicy, signed in.

Your name, email, and avatar come from your identity provider. If you change any of those at the provider level, InPolicy will pick up the change the next time your admin runs a directory import (see Directory sync).

Option 2: Email invitation

Section titled “Option 2: Email invitation”

If your admin invited you by email, you’ll receive a message with a link that looks like:

https://app.inpolicy.ai/auth/accept-invitation?token=…
  1. Click the link. No sign-in is required to open it.
  2. Set a password on the acceptance screen.
  3. You’re in.

Invitation tokens expire after 7 days. If the link says “invitation expired”, ask your admin to resend the invitation.

Troubleshooting

Section titled “Troubleshooting”

”You don’t have access to this tenant.”

Section titled “”You don’t have access to this tenant.””

You aren’t in the directory yet. Ask your admin to invite you directly, or — if SSO directory sync is enabled — wait for the next sync.

”Domain not allowed.”

Section titled “”Domain not allowed.””

Your email domain isn’t on the tenant’s allowlist. This is controlled by an admin under Settings → SSO.

Section titled “The invitation link says “expired.””

Tokens expire after 7 days. Ask your admin to re-send — there’s no way to extend an already-issued token.

”Invalid token” or “token already used.”

Section titled “”Invalid token” or “token already used.””

Invitation tokens are single-use. If you clicked the link, accepted, and then tried again from the same email, that’s expected. Go to https://app.inpolicy.ai and sign in normally instead.

I signed in, but I can’t see any policies.

Section titled “I signed in, but I can’t see any policies.”

You probably have the default User role, which only sees published policies. If none have been published yet, there’s nothing to show. The empty state is intentional.

What happens next

Section titled “What happens next”
  • Install the browser extension if your team uses it.
  • If you’re an admin, head to users and roles next.
  • Otherwise, you’re done — browse published policies from the Policies menu.