Is there a way to filter identity providers per domain such that email token won’t work if a specific domain is requesting a token?
Is there a way to filter a specific identity provider for a specific domain for the same site but still provide multiple identity providers?
Access Policy
Identity Providers:
AzureAD
Email token
Scenario:
Protected site: myprotectedsite.sampledomain.tld
Policy: Emails allowed
Email ends in @[sampledomain.tld]
Email may also be [other allowed email addresses]
Desire:
Email ends in @[sampledomain.tld] but can only be authenticated versus AzureAD
If @[sampledomain.tld] tries to use email token, it won’t send.
Create rules which only match the specific identity providers in use.
Rule 1: emails ending in @foo.com
Rule 2: member of Azure group ID 12345.
If a user is a member of group 12345 and has an email address of [email protected] they could use either, because there’s no unique way to require one or the other, but for everyone else the specific rule criteria would apply.
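The overlap described in the reply above can be checked before the rules are deployed. The following is an added example, not code from the thread or from Cloudflare: a simplified model of the two rules that lists which identity providers each user could satisfy. The user records, the `sampledomain.tld` and `foo.com` addresses, and all function names are constructed for illustration, and it assumes rules are OR-ed and that group membership is only known for an AzureAD login.

```python
from dataclasses import dataclass
from typing import Optional

AZURE_AD, EMAIL_TOKEN = "AzureAD", "Email token"

@dataclass(frozen=True)
class User:
    """Constructed directory entry; azure_groups is None when there is no AzureAD account."""
    email: str
    azure_groups: Optional[frozenset] = None

def rule_email_domain(domain):
    # Rule 1: matches on the address alone, whichever provider proved it.
    return lambda user, method: user.email.lower().endswith("@" + domain)

def rule_azure_group(group_id):
    # Rule 2: assumes group membership is only known for an AzureAD login.
    return lambda user, method: (method == AZURE_AD
                                 and user.azure_groups is not None
                                 and group_id in user.azure_groups)

def usable_methods(user, rules):
    """Providers with which this user satisfies at least one rule (rules are OR-ed)."""
    methods = [EMAIL_TOKEN]
    if user.azure_groups is not None:
        methods.append(AZURE_AD)
    return sorted(m for m in methods if any(rule(user, m) for rule in rules))

def overlap(users, rules):
    """Users who can get in through more than one provider."""
    return [u.email for u in users if len(usable_methods(u, rules)) > 1]

# Constructed sample data mirroring the two rules in the reply.
RULES = [rule_email_domain("foo.com"), rule_azure_group("12345")]
USERS = [
    User("alice@foo.com"),                                   # no AzureAD account
    User("bob@sampledomain.tld", frozenset({"12345"})),      # AzureAD group member
    User("carol@foo.com", frozenset({"12345"})),             # matches both rules
]

if __name__ == "__main__":
    for u in USERS:
        print(u.email, "->", usable_methods(u, RULES))
    print("either provider works for:", overlap(USERS, RULES))
```

An empty list from `overlap` means every user is tied to exactly one provider under this model.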