# ory-copilot
@chilly-king-10285 How and is it possible to achieve the following scenario: I send out an invite to the user which upon accepting lets him in the system. He immediately is granted an admin role and is able to send out invites furthermore to the same email domain that his account is registered with.
A message from kapa.ai
Yes, it is possible to achieve this scenario using Ory's suite of tools. Here's a high-level overview of how you can do it:

1. Inviting a user: You can invite users to your application by creating a basic user account for them and triggering account recovery. You then send the recovery link to the user's email address. The user performs account recovery which forces them to define new credentials, and they get a fully functional account with the credentials they defined. This process can be automated by writing custom code that relies on the specifics of your implementation. [Source](https://www.ory.sh/docs/kratos/manage-identities/invite-users)
2. Assigning admin role: Ory Permissions (based on Ory Keto) can be used to manage fine-grained access control. You can create a permission model that assigns the 'admin' role to the invited user. [Source](https://www.ory.sh/docs/guides/permissions/overview#next-steps)
3. Restricting invites to the same email domain: You can use Ory Actions to add additional checks when users initiate registration. For example, you can create logic that verifies that the user's email address is associated with a valid domain (in this case, the same domain as the initial user). [Source](https://www.ory.sh/docs/kratos/hooks/configure-hooks#actions-triggered-before-events)
4. Allowing the admin to send invites: The admin user can use the same process described in step 1 to invite more users. You can automate this process by writing custom code.

Please note that this is a high-level overview and the actual implementation will depend on the specifics of your application and your requirements. You may need to write custom code to automate some of these processes and to integrate Ory's tools with your application.
@chilly-king-10285 The admin user created in the first step is an admin within the context of an application, not an admin in the Ory project. Assume upon being granted access to the application, he has an "Invite user" button where he can invite users furthermore. How to achieve this?
A message from kapa.ai
To achieve this, you can use a combination of Ory's tools. Here's a high-level overview:

1. Creating an admin user: When you invite a user and they create their account, you can assign them an 'admin' role within your application. This can be done using Ory Permissions (based on Ory Keto), which allows you to define fine-grained permissions. You can create a permission model that assigns the 'admin' role to the invited user. [Source](https://www.ory.sh/docs/guides/permissions/overview#next-steps)
2. Inviting more users: The admin user can invite more users by triggering a process in your application that creates a new user account and sends a recovery link to the new user's email address. This process can be automated by writing custom code that relies on the specifics of your implementation. [Source](https://www.ory.sh/docs/kratos/manage-identities/invite-users#procedure)
3. Restricting invites to the same email domain: You can use Ory Actions to add additional checks when the admin user initiates the invitation process. For example, you can create logic that verifies that the new user's email address is associated with the same domain as the admin user. [Source](https://www.ory.sh/docs/kratos/hooks/configure-hooks#actions-triggered-before-events)

Please note that this is a high-level overview and the actual implementation will depend on the specifics of your application and your requirements. You may need to write custom code to automate some of these processes and to integrate Ory's tools with your application.

A message from kapa.ai
To achieve this, you can implement an "Invite User" feature within your application that uses the Ory Kratos Admin API to create new user accounts. Here's a high-level overview of how you can do it:

1. Creating an Invite User feature: This feature should allow the admin user to enter the email address of the user they want to invite. When the admin user submits the form, your application should send a request to the Ory Kratos Admin API to create a new user account.
2. Creating a new user account: Your application can send a POST request to the `/admin/identities` endpoint of the Ory Kratos Admin API to create a new user account. The request should include the email address of the user to invite as the account identifier. [Source](https://www.ory.sh/docs/kratos/manage-identities/invite-users#procedure)
3. Triggering account recovery: After creating the new user account, your application can send another POST request to the `/admin/recovery/link` endpoint of the Ory Kratos Admin API to trigger account recovery for the new user account. This will generate a recovery link that the user can use to set their password and complete the registration process. [Source](https://www.ory.sh/docs/kratos/manage-identities/invite-users#procedure)
4. Sending the invite: Your application can then send an email to the user with the recovery link. When the user clicks on the link, they will be taken to a page where they can set their password and complete the registration process.

Here's an example of how you can create a new user account and trigger account recovery:
```bash
# Create a new user account
# (the JSON body is single-quoted, so the quotes are closed around the
# variable to let the shell expand it)
curl --request POST -sL \
    --header "Authorization: Bearer {ORY_API_KEY}" \
    --header "Content-Type: application/json" \
    --data '{
    "schema_id": "preset://email",
    "traits": {
       "email": "'"$USER_EMAIL_ADDRESS"'"
      }
    }' https://{project-slug}.projects.oryapis.com/admin/identities

# Trigger account recovery
# ($ACCOUNT_ID is the "id" of the identity returned by the call above)
curl --request POST -sL \
     --header "Authorization: Bearer {ORY_API_KEY}" \
     --header "Content-Type: application/json" \
     --data '{
     "expires_in": "12h",
     "identity_id": "'"$ACCOUNT_ID"'"
     }' https://{project-slug}.projects.oryapis.com/admin/recovery/link
```
Please note that this is a high-level overview and the actual implementation will depend on the specifics of your application and your requirements. You may need to write custom code to implement the Invite User feature and to integrate Ory's tools with your application.