ff504a3b80
* create redirect stage * show "keep context" toggle in Flow mode only * fix typos * add docs Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> * simplify property pass * simplify toggle * remove `print` statements whoops * fix typo * remove default from `RedirectStage.mode` * remove migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * oops Signed-off-by: Jens Langhammer <jens@goauthentik.io> * adjust docs Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
940 B
940 B
title
| title |
|---|
| Whitelist email domains |
To add specific email addresses to an allow list for signing in through SSO or directly with default policy customization, follow these steps:
-
In the Admin interface, navigate to Customization > Policies and modify the default policy named
default-source-enrollment-if-sso. -
Add the following code snippet in the policy-specific settings under Expression and then click Update.
allowed_domains = ["example.net", "example.com"]
current_domain = request.context["prompt_data"]["email"].split("@")[1]
if current_domain not in allowed_domains:
ak_message("Access denied for this email domain")
return False
return ak_is_sso_flow
This configuration specifies the allowed_domains list of domains for logging in through SSO, such as Google OAuth2. If your email is not in the available domains, you will receive a 'Permission Denied' message on the login screen.