Thanks for flagging this — we’ve seen this happen, especially for SSO orgs.
Most common cause
- The invite link is a single‑use token with a limited lifetime. Email security tools (e.g., Microsoft Safe Links, Proofpoint, Mimecast) often “pre-click” or rewrite links, which consumes the token before the user opens it — resulting in “link has expired.”
How to fix it quickly
1) Cancel the pending invite and re‑invite
- In Prefect Cloud, go to your workspace/org’s Manage Users and remove the pending invitation, then send a fresh invite.
- Coordinate with the recipient so they open it promptly.
2) Ask the recipient to:
- Open the link in a private/incognito window.
- Make sure they select “Continue with SSO” and authenticate with the exact email you invited.
- If your company uses link scanning, try right‑click → Copy link address from the email and paste it directly into the browser (sometimes avoids scanner redirects). If scanners still trigger, ask IT to temporarily bypass scanning for the invite or allowlist Prefect invite links.
3) If it still fails:
- Verify the invite still shows as Pending in Manage Users (if not, regenerate it).
- Have the user log out of any existing Prefect Cloud sessions before trying the link.
- Confirm SSO is enforced and that the invited email matches the user’s IdP identity.
Helpful docs
- Manage users in Prefect Cloud
- Configure SSO in Prefect Cloud
If you share a bit more detail, I can tailor the next steps:
- Is SSO enforced for the org? Which IdP?
- Does the invite still show as Pending after they click it?
- Are you inviting to the org or a specific workspace?
- Do you know if your email gateway uses link scanning/rewrite?
If none of the above resolves it, let me know and I’ll point you to the best way to loop in Prefect Support with timestamps and screenshots.
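
An added illustration of the failure mode described under "Most common cause" (not part of the original reply, and not Prefect's code): a hypothetical invite store in which a scanner's pre-click burns a token that is redeemed on GET, next to a variant that redeems only on an authenticated POST. `InviteStore`, `simulate`, the one-hour lifetime, the case-insensitive email comparison and the sample address are all assumptions.

```python
import secrets
import time

INVITE_TTL_SECONDS = 3600  # assumed value; the reply only says "limited lifetime"

class InviteStore:
    """Hypothetical single-use invite tokens (illustration only)."""
    def __init__(self, consume_on_get, now=time.time):
        self.consume_on_get = consume_on_get
        self.now = now
        self.invites = {}  # token -> {"email", "used", "expires"}

    def issue(self, email):
        token = secrets.token_urlsafe(32)
        self.invites[token] = {"email": email, "used": False,
                               "expires": self.now() + INVITE_TTL_SECONDS}
        return token

    def _live(self, token):
        inv = self.invites.get(token)
        return inv if inv and not inv["used"] and self.now() <= inv["expires"] else None

    def get(self, token):
        # GET on the invite URL: a mail gateway's pre-click looks exactly like this.
        inv = self._live(token)
        if inv is None:
            return "link has expired"
        if not self.consume_on_get:
            return "show accept page"  # safe: fetching the page changes nothing
        inv["used"] = True             # weak: any fetch redeems the token
        return "accepted"

    def post_accept(self, token, authenticated_email):
        # POST after sign-in: a deliberate step that link scanners do not take.
        inv = self._live(token)
        if inv is None:
            return "link has expired"
        if authenticated_email.lower() != inv["email"].lower():
            return "email mismatch"    # token stays valid for the invited user
        inv["used"] = True
        return "accepted"

def simulate(consume_on_get):
    store = InviteStore(consume_on_get)
    token = store.issue("dana@example.com")  # constructed sample address
    store.get(token)                         # email gateway pre-clicks the link
    page = store.get(token)                  # the invited user opens it afterwards
    return store.post_accept(token, "Dana@example.com") if page == "show accept page" else page
```

`simulate(True)` reproduces the "link has expired" symptom, while `simulate(False)` completes the invite despite the scanner's fetch.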