We support Single Sign On using Google and Microsoft but we’ve seen that a user of Microsoft can register with Google using their Microsoft email address. Google then sends them a validation email and they can then proceed to login using that email address against Google or Microsoft.
The problem then comes if they leave the Microsoft identity for whatever reason, e.g. they were fired, they can just choose to auth against Google at login and still authenticate using the same email.
Is there a way of ensuring the user hasn’t just registered their company email address, which was with MSFT, with Google’s Identity and are signing in with that instead?
Was wondering about only supporting GSuite or Microsoft Work Accounts for SSO?