Improved security for handling user email domains

September 24, 2021

When creating an Organization in WorkOS, you will now see an optional checkbox labeled “Allow authentication for users that do not match Organization email domains.” When left unselected (the default), WorkOS checks that a user’s email domain matches one of the domains listed on the Organization object. If the domain is not included, user authentication will fail.

In the rare case that you are unable to maintain a list of domains that are valid for that organization, you may check this box to disable the additional security check. 
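To make the check and the opt-out concrete, here is a sketch of how an application could enforce the same rule on its own side. It is an added example, not WorkOS code or the WorkOS API. The `Organization` class, the function names, the exact-match rule (subdomains are not implied), and the rejection of malformed addresses are all assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Organization:
    """Hypothetical stand-in for an Organization; not the WorkOS API object."""
    domains: list[str] = field(default_factory=list)
    # Mirrors the checkbox described above; unselected (False) by default.
    allow_unmatched_domains: bool = False


def normalize_domain(domain: str) -> Optional[str]:
    """Lowercase, drop a trailing dot, and convert IDNs to ASCII (punycode)."""
    domain = domain.strip().rstrip(".").lower()
    if not domain:
        return None
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, invalid characters
        return None


def email_domain(email: str) -> Optional[str]:
    """Return the normalized domain, or None if the address is ambiguous."""
    if email.count("@") != 1:  # assumption: reject "a@listed.test@other.test"
        return None
    local, _, domain = email.strip().partition("@")
    return normalize_domain(domain) if local else None


def is_authentication_allowed(org: Organization, email: str) -> bool:
    domain = email_domain(email)
    if domain is None:
        return False  # assumption: malformed addresses always fail
    if org.allow_unmatched_domains:
        return True  # the additional check is disabled for this organization
    allowed = {normalize_domain(d) for d in org.domains}
    # Exact comparison, never endswith(): "evil-example.com" and
    # "example.com.evil.test" must not pass for "example.com".
    return domain in allowed


if __name__ == "__main__":
    org = Organization(domains=["example.com"])  # constructed sample data
    for addr in ("alice@Example.COM", "alice@evil-example.com"):
        print(addr, is_authentication_allowed(org, addr))
```
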

This enhanced security feature is backwards compatible with existing connections, and we’ve migrated the majority of connections already. This change does not affect Google or Microsoft OAuth authentication, as these integrations have no domain restriction.

If you have questions about this new functionality and the implications for your app, feel free to check the documentation or reach out to WorkOS Support.
