Restrict SSO domains
Learn how to restrict SSO authentication to a list of approved domains.
| Custom SSO Availability | |||
|---|---|---|---|
| Cloud-hosted | Generally Available | ||
| Self-hosted (3.268 Edge) | Generally Available | ||
| Self-hosted (3.196 Stable and later) | |||
You can restrict SSO authentication so that only users with email addresses from these domains are allowed. Separate multiple domains with commas.
On self-hosted deployments, this setting also disables username and password login. It is set using the RESTRICTED_DOMAIN environment variable.
- Cloud-hosted organizations
- Self-hosted organizations
- Navigate to your organization's Single Sign On (SSO) settings.
- Select your configured SSO provider.
- Specify one or more domains as a comma-separated list.
- Navigate to Settings > Single Sign-on (SSO).
- Select your configured SSO provider.
- Specify one or more domains as a comma-separated list.
This setting disables username and password login. It is also set using the RESTRICTED_DOMAIN environment variable.
