Access policy to restrict email does not work

What is the name of the domain?

example.com

What is the issue you’re encountering

In the access policy for one time password. I have added allow policy and include to one email : [email protected], when i try to use other other email i dont get otp which is good but how to redirect to no access page.

You don’t. Access doesn’t behave any differently with a valid email address vs. an invalid one by design. Sending an address to a no access page would allow an attacker to enumerate valid email addresses and provide an attack vector for valid accounts.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.