Separating user login option by their email domain

#1

Hi,

What is the best way to handle the following scenario:
I have both my clients and my employees log in to my product, but I want to enforce separate security rules on them.
I want my employees (all with emails of @mydomain.com) to be able to ONLY log in with gsuite SSO, and my clients (all with emails NOT @mydomain.com) to only be able to log in with a generated user and password I’ve provided.
The user name is always the email address so it’s easy to recognize if a user is my employee or a client.

I don’t really care UI-wise if both sets of users will see both login options (i.e. Google login button AND user name and password fields).
All I care about is being able to enforce the security of gsuite on my employees (i.e. 2step-auth, password length, etc.) and provide them with SSO, and at the same time no security restrictions for my clients.

The simplest solution is NOT to tell my employees their user and password, thus forcing them to use Google login button, BUT then they can click the “forgot password” and bypass this obstacle easily.

Thanks,


#3

Hey there @shay.k, I wanted to let you know that I am looking into your described situation. Thanks!


#4

Reviewing the use case you described, it appears to be related to an Enterprise feature as described here within Lock. Please let me know if this is the desired result. Thanks!


#5

Hi @James.Morrison looks like this is spot on!
I’ll try it.
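
A server-side check of the policy described in the first post, written in the shape of an Auth0 Rule; this is an added example, not code from the thread or from Auth0. Assumptions: the helper names are hypothetical, and the connection strategy values `google-apps` and `auth0` should be confirmed against your own tenant.

```javascript
// Added example: not code from the thread or from Auth0.
// EMPLOYEE_DOMAIN is taken from the question; the strategy names are
// assumptions ('google-apps' = G Suite, 'auth0' = database connection).
const EMPLOYEE_DOMAIN = 'mydomain.com';
const EMPLOYEE_STRATEGY = 'google-apps';
const CLIENT_STRATEGY = 'auth0';

// Return the part after the LAST '@', lowercased; '' if missing or malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return '';
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return '';
  return email.slice(at + 1).trim().toLowerCase();
}

// Hypothetical helper: may this email use this connection strategy?
function checkLoginPolicy(email, strategy) {
  const domain = emailDomain(email);
  if (!domain) return { allow: false, reason: 'missing or malformed email' };
  // Exact match only: 'mydomain.com.client.example' is NOT an employee domain.
  const isEmployee = domain === EMPLOYEE_DOMAIN;
  const required = isEmployee ? EMPLOYEE_STRATEGY : CLIENT_STRATEGY;
  if (strategy !== required) {
    return { allow: false, reason: `${domain} must log in via ${required}` };
  }
  return { allow: true, reason: 'ok' };
}

// Rule-shaped wrapper (user, context, callback), run after authentication.
function enforceDomainConnection(user, context, callback) {
  const verdict = checkLoginPolicy(user.email, context.connectionStrategy);
  if (!verdict.allow) {
    // UnauthorizedError is a global inside the Rules runtime; fall back to
    // Error so the function also runs outside it.
    const Deny = typeof UnauthorizedError !== 'undefined' ? UnauthorizedError : Error;
    return callback(new Deny(verdict.reason));
  }
  return callback(null, user, context);
}
```

Because the decision is made after authentication and keyed on the connection used, an employee address that obtains a database password through "forgot password" is still rejected at login.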

