Leveraging domain restriction in your Brightidea system allows administrators to secure their audience very easily using email address domain.
- The administrator can easily secure access, registrations and logins for their selected domain.
- This can be done on both the Initiative and Enterprise levels, please refer to the following to get started:
On Enterprise Level
- System administrators can leverage domain restriction right within Enterprise Setup
- To get started navigate to: Enterprise Setup > Site > Registration
- Next, select the checkbox that says "Restrict Self - Registration by Email Domain"
-
- When enabled, this checkbox will control all user access to the Enterprise level pages and only allow the inputted domains.
-
- Then, the administrator can add the select domains of which email domains have access to their Enterprise level pages:
- Once this is set, users within these email domains can:
- Login with standard Brightidea credentials
- Self - Register
- Register via Registration Invites
- Login via Single Sign On (SSO)
- Access all Enterprise level pages
- If the users domain is not in this list, they will not be able to login or access successfully.
On Initiative Level
- The same rules apply for the Initiative level. To set up domain restriction on the Initiative level - navigate to Site Setup > Access > Registration
- Administrators can add any email domains on the Initiative level.
- This restriction applies for both direct Initiative login, and for any hyperlinks to the Initiative, from the Enterprise level.
Important Things to Note:
- The administrator can add as many domains as needed.
- For SSO purposes, the user's domain must be inputted into Enterprise level domain list in order for SSO to function.
- SSO always authenticates at the Enterprise level only!
- This is true even if the user is navigating to an initiative level page.
- SSO always authenticates at the Enterprise level only!
- Please be careful for locking yourself out!
- If there is an issue where the administrator does not put a domain restriction in correctly and one locks themselves out of the Initiative - contact Brightidea Support via our Support Portal
- Also be aware if the administrator variate the restrictions on the Initiative level vs. the Enterprise level
- If User A is under Domain A, which is set to Initiative A, but not the Enterprise level, the user will see hyperlinks to that Initiative on the Enterprise level, and will not be able to access successfully - they will get logged out if they try to access
- If the administrator domain restricts Initiative A with Domain A - then User A logs in successfully
- If the administrator then replaces Domain A with Domain B - then User A will not be able to login after the change is made.
- Domain restriction respects both public and private Initiatives
- Domains cannot be imported unfortunately.
- There is no way to override domain restriction.
Comments