Team onboarding with social sign-in and verified domains

Two things landed today that change how greyout handles team access. Sign in with Google or GitHub instead of email-only, and onboard a whole team automatically by verifying your domain — no invite links to chase.

What's live

• Sign in with Google or GitHub alongside the existing magic-link flow. Pick the provider on the sign-in screen. First-time sign-in creates the account just in time, so a new colleague never sees a register form. Microsoft Entra is wired but disabled while Publisher Verification finishes on Microsoft's side — coming in a follow-up.
• Verified domains under Settings → Verified domains. Add your domain, place the DNS TXT record we hand you at _greyout-verify.<your-domain>, click verify. From that point on, anyone signing in with an email at that domain auto-attaches to your workspace at the role you choose.
• Members under Settings → Members shows everyone with access. Change a role inline from the dropdown. Remove access without leaving the page. The last owner cannot be demoted or removed — built-in safety rail so a workspace never ends up without an admin.
• Permissions under Settings → Permissions lets owners toggle what each role can do, per workspace. Defaults ship sensible — owners run the workspace, members operate monitors and acknowledge incidents, viewers see but cannot change. Override any of it when the team works differently.

What changed for you

If you have ever invited a teammate by sending them a magic link and then remembering to set their role afterwards, that workflow is gone. Set up a verified domain once and every new colleague who signs in is already in your workspace at the right role from their first second.

For solo accounts nothing changes. The magic-link flow continues to work exactly as before and you do not need to set up anything new.

Documentation

• Verified domains
• Members
• Role permissions