Overview
This article explains how to resolve the following error that occurs when a user attempts to log in with a domain that is different from the one used to create the Google Workspace connection:
Email domain mismatch: domain1.com is not in the list of allowed email domains for this identity provider
Applies To
- Google Workspace
Cause
By default, a Google Workspace connection is initially set up with a single primary domain. While other domains can be added later, this primary domain is the main one associated with the account for users and services.
Solution
To allow the Google Workspace connection to support multiple domains, any additional domains must be added under Identity Provider domains. This is a necessary step even if the Home Realm Discovery (HRD) is not used.
This field can be found under the Login Experience tab of the connection:
