I have a multi-tenant app with numerous Auth0 clients and connections. A few of those connections are the Auth0 database type that allow users to “sign up” via Auth0 Lock. I would like to create a rule where only users with an email from a specific domain are allowed to sign up. How can I go about preventing signups from all other domains?
You can indeed achieve something similar through rules; I say similar because the users will be created, but access will be denied so they will not be able to complete the authentication process unless the domain matches the ones allowed.
There’s a base template rule for denying access based on email domain that you can use as guidance if denying access is sufficient.
However, if you really want to prevent the users even from being created, you can check the hooks functionality (currently still in beta). There’s a pre-registration hook that should allow you to prevent the user from being created based on the context available (allowed domain for the associated connection).