Block @google.com Users from Logging In or Signing Up with Google Login

Last Updated: Sep 25, 2024

Overview

This article clarifies whether it is possible to restrict Google Social Login only to users with a specific domain, for example, “joe.user@okta.com”, and prevent every “@google.com” user from signing in or signing up.

In other words, it clarifies whether it is possible to block “@gmail.com” users from signing up or logging in to the application.

Applies To

  • Google Login
  • Restrict users

Solution

Follow the steps or video below:

It is possible to create an Action that checks the user’s email domain and denies access. For example, if the domain matches ‘google.com’, that user can be denied access.

To achieve this behavior, it is necessary to create a Post-Login Action. Even though it is a “Post-Login” Action, the user won’t be logged in. The Post-Login Action follows the flow shown in this diagram:

The user will start the login flow, but once the Action is triggered, it will perform the required validations and stop the Access Token from being issued. As a result, the user will be unable to log in with those credentials.

When it comes to Google Login, it is worth noting that this flow should be used both when attempting to block users from logging in and when attempting to block them from signing up.

For signups, if using an Auth0 database connection, it is possible to use the Pre-Registration action flow to achieve the same result. However, if a user creates an account by signing up with Google (Google login), the correct flow is Post-Login.

The following example demonstrates how to block users associated with a specific domain, such as “@gmail.com”.
The following code example can be modified to address specific needs.

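// Post-Login Action: deny access when the user's email domain is blocked.
const onExecutePostLogin = async (event, api) => {
    // event.user.email is optional; treat a missing email as having no domain.
    const email = event.user.email || '';
    // Take the part after the last "@" and normalize case before comparing.
    const userEmailDomain = email.slice(email.lastIndexOf('@') + 1).toLowerCase();

    if (userEmailDomain === 'gmail.com') {
        return api.access.deny('You are not allowed to access this resource');
    }
};
exports.onExecutePostLogin = onExecutePostLogin;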

To create this Action:

  1. Log in to the Admin dashboard

  2. Navigate to Dashboard > Actions > Flows > Login

  3. Click “+” to the right of Add Action

  4. Click Build Custom from the drop-down list

  5. The Create Action box appears: assign a name, trigger type, and Node runtime

  6. Click Create to create the Action


Once the new Action has been created, a code editor will be displayed, and the code for the Action can be defined.

Once the code is complete and ready to be tested, drag it to the Post-Login Action flow. It is now ready for execution.
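
The domain check described above, generalized as an added example (not Auth0's own code): it applies only to Google logins, supports either a blocklist or an allowlist of domains, and fails closed when the profile has no usable or verified email. The domain lists, the helper names `emailDomain` and `denyReason`, and the extra denial messages are assumptions for illustration.

```javascript
// Added example: the policy values below are assumptions; edit them to fit.
const BLOCKED_DOMAINS = new Set(['gmail.com']); // always deny these domains
const ALLOWED_DOMAINS = new Set([]);            // if non-empty, allow only these
const GOOGLE_STRATEGY = 'google-oauth2';        // strategy name of the Google social connection

// Return the lowercased domain of an email, or null if there is no usable domain.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

// Pure decision function (hypothetical helper): returns a denial reason,
// or null to let the login proceed.
function denyReason(event, blocked = BLOCKED_DOMAINS, allowed = ALLOWED_DOMAINS) {
  // Only police Google logins; other connections keep their own rules.
  if (!event.connection || event.connection.strategy !== GOOGLE_STRATEGY) return null;
  const domain = emailDomain(event.user && event.user.email);
  // Fail closed: a missing or unverified email cannot be matched against policy.
  if (domain === null) return 'No email address on the profile';
  if (event.user.email_verified !== true) return 'Email address is not verified';
  if (blocked.has(domain)) return 'You are not allowed to access this resource';
  if (allowed.size > 0 && !allowed.has(domain)) {
    return 'You are not allowed to access this resource';
  }
  return null;
}

const onExecutePostLogin = async (event, api) => {
  const reason = denyReason(event);
  if (reason) return api.access.deny(reason);
};
// The guard lets this file also load outside a CommonJS runtime.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

Because the decision lives in a pure function, it can be unit-tested with plain objects before the Action is deployed to the Login flow.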