Last Updated: Dec 9, 2024
Overview
Users can register with email domains that are not allowed by the company’s policy. This article details whether it is possible to automatically deny signups based on email domain.
Applies To
- User Sign Up
- Email Domains
- Deny email domains
Cause
Unless something is configured to block or deny the signup, Auth0 databases will allow any valid email address.
Solution
Using a Pre-User Registration Action, it is possible to parse the email or use a RegEx to filter domains.
See below for an example of how to deny sign-up based on a list of allowed domains. NOTE: this is not a complete solution but an idea to help get started. Be sure to test before deploying in production.
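exports.onExecutePreUserRegistration = async (event, api) => {
  // Domains that are permitted to sign up (kept in lowercase).
  const allowedDomains = ["mydomain.com", "yourdomain.com"];
  // A missing email becomes an empty string so the check below fails closed.
  const currentEmail = event.user.email || "";
  // Take the part after the last "@" and lowercase it; no "@" means no domain.
  const at = currentEmail.lastIndexOf("@");
  const currentDomain = at > 0 ? currentEmail.slice(at + 1).toLowerCase() : "";
  if (!allowedDomains.includes(currentDomain)) {
    // Reject the signup with an error code and a message.
    api.validation.error("invalid-domain", "Invalid Domain");
  }
};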
This would produce the following on Universal Login: the sign-up form displays the "Invalid Domain" error message from the Action.
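A stricter version of the domain check, as an added example rather than Auth0's own code: it normalizes the address, rejects malformed input, and matches the allowlist on whole domains so that substring and suffix lookalikes do not pass. The helper names `extractDomain`, `isAllowedDomain` and `checkSamples`, the `allowSubdomains` option, and the sample addresses are assumptions made for illustration.

```javascript
// Added example (not from the original article). Helper names are hypothetical.
const ALLOWED_DOMAINS = ["mydomain.com", "yourdomain.com"];

// Return the normalized domain of an email address, or null if it is malformed.
function extractDomain(email) {
  if (typeof email !== "string") return null;
  const trimmed = email.trim();
  const at = trimmed.lastIndexOf("@");
  // Require a non-empty local part and a non-empty domain.
  if (at < 1 || at === trimmed.length - 1) return null;
  // Lowercase and drop a trailing root dot ("mydomain.com." equals "mydomain.com").
  const domain = trimmed.slice(at + 1).toLowerCase().replace(/\.$/, "");
  // Accept only dot-separated letter/digit/hyphen labels, anchored at both ends.
  const label = "[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?";
  return new RegExp(`^${label}(?:\\.${label})+$`).test(domain) ? domain : null;
}

// Exact match by default; subdomains match only on a label boundary (".mydomain.com").
function isAllowedDomain(domain, allowed, { allowSubdomains = false } = {}) {
  if (!domain) return false;
  return allowed.some(
    (a) => domain === a || (allowSubdomains && domain.endsWith("." + a))
  );
}

// Same shape as the Action in the article, using the stricter helpers.
const onExecutePreUserRegistration = async (event, api) => {
  const domain = extractDomain(event.user.email);
  if (!isAllowedDomain(domain, ALLOWED_DOMAINS)) {
    api.validation.error("invalid-domain", "Invalid Domain");
  }
};
if (typeof exports !== "undefined") {
  exports.onExecutePreUserRegistration = onExecutePreUserRegistration;
}

// Constructed sample addresses: cases a substring or unanchored RegEx check gets wrong.
function checkSamples() {
  const samples = [
    "Alice@MyDomain.com",            // mixed case, should pass
    "bob@notmydomain.com",           // allowed name is only a substring
    "carol@mydomain.com.other.example", // allowed name is only a prefix
    "dave@eu.mydomain.com",          // subdomain, denied unless allowSubdomains
    "mydomain.com",                  // no "@" at all
  ];
  return samples.map((e) => [e, isAllowedDomain(extractDomain(e), ALLOWED_DOMAINS)]);
}
```

Set `allowSubdomains` to `true` only if every subdomain of an allowed domain is controlled by the same organization.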