Skip to main content

Restrict SSO domains

Learn how to restrict SSO authentication to a list of approved domains.

You can restrict SSO authentication so that only users with email addresses from these domains are allowed. Separate multiple domains with commas.

On self-hosted deployments, this setting also disables username and password login. It is set using the RESTRICTED_DOMAIN environment variable.

  1. Navigate to your organization's Single Sign On (SSO) settings.
  2. Select your configured SSO provider.
  3. Specify one or more domains as a comma-separated list.
Enable JIT user provisioning.