I had an interesting experience the other day with a user that was new to our organization came into my office, saying that I should check the security settings of our Glip site because he was able to create his own account and "Get in".
This caused me a bit of panic until I discovered the following:
- Because his e-mail was associated with the same domain as mine, when he created his ID, Glip recognized that we already had a Glip instance configured and it added him to it. To its credit, Glip confirms the user's "legitimacy" by making them click on a link in an e-mail that gets sent to their supplied address before activating the account.
- While he was able to get in, he was able to get into the "Organization-wide" team, but none of the individual teams that we had configured.
- He was able to see/IM others in the organization.
I suppose it could be argued that this is a great feature that simplifies administration/rollout of the product but I don't really believe that - I can think of many scenarios where organizations might want to restrict who is allowed to use the app.
Has anybody else stumbled across this "feature"? What are your thoughts?
I'd be particularly interested in hearing RingCentral's position on this.