Leveraging domain restriction in your Brightidea system allows you to conveniently secure your audience using an email address domain. System Admins can easily secure access, registrations, and logins for their selected domain at both the Initiative and Enterprise levels, please refer to the following to get started:
Enterprise Level
- System Admins can configure domain restriction by enabling Restrict Self-Registration by Email Domain under System Setup > Access > Registration
-
- When enabled, this setting will control who can access Enterprise-level pages based on their login email domain.
-
- Admins can specify which domains can access their Enterprise level pages:
- Once this is set, users within the specified email domains can:
- Login with standard Brightidea credentials
- Self-Register
- Register via Registration Invites
- Login via Single Sign On (SSO)
- Access all Enterprise level pages
- If a user's email domain is not on this list, they will not be able to log in or access the system.
Initiative Level
- To implement domain restriction at the Initiative level, navigate to Site Setup > Access > Registration
- Adminis can specify the desired email domains for that Initiative.
- Note: This restriction applies to both direct Initiative login and any hyperlinks to the Initiative from the Enterprise level.
Important Notes:
- Admins can add as many domains as needed
- In order for SSO to function, the user's domain must be included in the Enterprise level domain list.
- SSO always authenticates at the Enterprise level only! This is true even if the user is navigating to an initiative level page.
- Accidental Lock-Out
- If an Admin does not configure domain restriction correctly and locks themselves out of an Initiative - contact Brightidea Support via our Support Portal.
- Be mindful of variations in the restrictions on the Initiative level vs. the Enterprise level
- If a user's domain is included at the Initiative level, but not the Enterprise level, the user will see hyperlinks to that Initiative on the Enterprise level, but be logged out if they attempt to access
- If an Admin replaces a Domain A with Domain B after users have successfully logged in using Domain A, users with the original Domain A will not be able to login after the change is made as the restriction only allows Domain B.
- Domain restriction respects both public and private Initiatives
- Domain importing is not currently supported.
- There are no overrides for domain restriction.
Comments