If I understand your case correctly, this should be possible using Roles and RBAC and rules. You can create 2 roles, user and ‘adminfor example. In a rule, you can add theuser’ role to all users on first login, and add admin to all users with @example.com email domain.
Here is an example rule for adding the role:
Here is an example domain whitelisting rule:
Let me know if you need help piecing it together,
Dan