Access Policy Filter identity provider per domain

Is there a way to filter identity providers per domain such that email token won’t work if a specific domain is requesting a token?

Is there a way to filter a specific identity provider for a specific domain for the same site but still provide multiple identity providers?
Access Policy
Identity Providers:
Email token

Protected site: myprotectedsite.sampledomain.tld
Policy: Emails allowed
Email ends in @[sampledomain.tld]
Email mail also be [other allowed email addresses]

Email ends in @[sampledomain.tld] but can only be authenticated versus AzureAD
If @[sampledomain.tld] tries to use email token, it won’t send.

Create rules which only match the specific identity providers in use.

Rule 1: emails ending in
Rule 2: member of Azure group ID 12345.

If a user is a member of group 12345 and has an email address of [email protected] they could use either, because there’s no unique way to require one or the other, but for everyone else the specific rule criteria would apply.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.