[ccakes]

You can invite by email addr, so the workaround here is only invite corporate email addresses.

If the target user hasn't added their corp email to their profile then they can't be part of the org.

[EE84M3i]

This can be vulnerable to "ticket trick" - often support/helpdesk sites are put on the main domain and have reply-to email addresses that will reflect the content back to the user requesting support. This can be used to sign up for slack, etc.

[prepend]

This is what I do but I really wish there was a better integration with auth providers and could use it for the invite. Would be nice to search my directory to type the email and confirm the name matches the email.

This is what GitLab does with their hosted AD/LDAP connector.

I’m in fear of mistyping something and inviting the wrong person.

[dotancohen]

So never type an email address in at all. Go to an extent email message, copy the bloke's email address, then paste it into the Github interface.