I’m looking for a solution, possibly a marketplace solution, that would allow new user subscriptions only based on business emails. For example: user@gmail is not allowed; user@google is allowed. So essentially email domain needs to be verified and confirmed this is a legit business outfit.
Hi @mike16
Welcome to the Auth0 Community!
My understanding is that you would be looking to restrict signup and login to your application to a specific list of email domains.
An easy implementation of this flow would be to use our Actions feature in order to restrict access based on an allowlist of email domains. Once you establish the domains that you wish to grant access to, you can then add the list to a Post - Login Action so that access will only be granted to domains from the list. Allow me to share some useful Action templates and documentations on the matter:
While Auth0 cannot directly determine the legitimacy of a business, it can be used to limit access to your application based on a list of email domains that you know are trustworthy.
Hope this helped!
Gerald
Thank you but that does not cover my use case. I want to all business emails. So it is a lot more than just some list matching
Hi @mike16
Thank you for your reply.
Auth0 does not have, out of the box, a list of email domains that are classified as business emails, or a list that outlines potential personal email domains, therefore the approval/denial process will still require to have it’s logic setup from your end, according to your preferences.
While this could prove as a more complex implementation compared to my previous suggestion of using Actions to restrict/grant access, it might be worth taking our Organizations feature into consideration. It is tailored for business-to-business scenarios and provides better management of partners and customers.
You would be able to set the Login Experience in your application to Business Users only and further configure the login flow of your users, but this again will not inherently restrict users as in your initial example ( restricting gmail domains while allowing google domains). This fine-tuned implementation is possible by providing a list of approved email domains by your end.
Have a great one!
Gerald